ID CVE-2016-4398
Summary A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.
Vulnerable Configurations
Base: None
nessus via4
NASL family CGI abuses
description The HP Network Node Manager i (NNMi) server running on the remote host is a version prior to 10.20. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host. (CVE-2016-4398) - Multiple reflected cross-site scripting (XSS) vulnerabilities exist due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4399, CVE-2016-4400)
last seen 2018-06-15
modified 2018-06-14
plugin id 94933
published 2016-11-17
reporter Tenable
title HP Network Node Manager i < 10.20 Multiple Vulnerabilities
refmap via4
bid 94195
Last major update 07-08-2018 - 21:29
Published 06-08-2018 - 16:29
Last modified 07-08-2018 - 21:29
Back to Top