Cross-Site Scripting Flaw in HP Network Node Manager i Software
CVE-2016-4400

5.4MEDIUM

Key Information:

Vendor

HP
Status
HP Network Node Manager (nnmi)
Vendor
CVE Published:
6 August 2018

What is CVE-2016-4400?

A vulnerability exists in HP's Network Node Manager i Software that allows attackers to execute arbitrary scripts in the context of a trusted user's session. This cross-site scripting (XSS) flaw can enable malicious actors to compromise user interactions with the application, potentially leading to unauthorized actions or data exposure. Users of affected versions are encouraged to apply relevant patches and updates to mitigate the risks associated with this security issue.

Affected Version(s)

HP Network Node Manager (NNMi) 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10

References

http://www.securityfocus.com/bid/94195
vdb-entryx_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037232
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.