cnvd-2016-02003
Vulnerability from cnvd

Title: HPE Asset Manager任意代码执行漏洞

Description:

HP AssetManager是管理IT资产生命周期的解决方案。

HPE Asset Manager 9.40, 9.41, 9.50以及Asset Manager CloudSystem Chargeback 9.40存在安全漏洞,远程攻击者通过构造的序列化Java对象,利用此漏洞可执行任意命令。

Severity:

Patch Name: HPE Asset Manager任意代码执行漏洞的补丁

Patch Description:

HP AssetManager是管理IT资产生命周期的解决方案。

HPE Asset Manager 9.40, 9.41, 9.50以及Asset Manager CloudSystem Chargeback 9.40存在安全漏洞,远程攻击者通过构造的序列化Java对象,利用此漏洞可执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

HP已经为此发布了一个安全公告(HPSBGN03567)以及相应补丁: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05064889

Reference: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05064889

Impacted products
Name
['HP Asset Manager 9.40', 'HP Asset Manager 9.41', 'HP Asset Manager 9.50', 'HP Asset Manager CloudSystem Chargeback 9.40']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2000"
    }
  },
  "description": "HP AssetManager\u662f\u7ba1\u7406IT\u8d44\u4ea7\u751f\u547d\u5468\u671f\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nHPE Asset Manager 9.40, 9.41, 9.50\u4ee5\u53caAsset Manager CloudSystem Chargeback 9.40\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7684\u5e8f\u5217\u5316Java\u5bf9\u8c61\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "HP",
  "formalWay": "HP\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08HPSBGN03567\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05064889",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02003",
  "openTime": "2016-04-07",
  "patchDescription": "HP AssetManager\u662f\u7ba1\u7406IT\u8d44\u4ea7\u751f\u547d\u5468\u671f\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nHPE Asset Manager 9.40, 9.41, 9.50\u4ee5\u53caAsset Manager CloudSystem Chargeback 9.40\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7684\u5e8f\u5217\u5316Java\u5bf9\u8c61\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HPE Asset Manager\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP Asset Manager 9.40",
      "HP Asset Manager 9.41",
      "HP Asset Manager 9.50",
      "HP Asset Manager CloudSystem Chargeback 9.40"
    ]
  },
  "referenceLink": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05064889",
  "serverity": "\u9ad8",
  "submitTime": "2016-04-06",
  "title": "HPE Asset Manager\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.