ID CVE-2016-4399
Summary A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
NASL family CGI abuses
NASL id HP_NNMI_CONSOLE_10_10.NASL
description The HP Network Node Manager i (NNMi) server running on the remote host is a version prior to 10.20. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host. (CVE-2016-4398) - Multiple reflected cross-site scripting (XSS) vulnerabilities exist due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4399, CVE-2016-4400)
last seen 2018-06-15
modified 2018-06-14
plugin id 94933
published 2016-11-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=94933
title HP Network Node Manager i < 10.20 Multiple Vulnerabilities
refmap via4
bid 94195
confirm https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325823
sectrack 1037232
Last major update 07-08-2018 - 21:29
Published 06-08-2018 - 16:29
Last modified 07-08-2018 - 21:29
Back to Top