CVE-2016-4393

Опубликовано: 28 окт. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

Ссылки

http://www.securityfocus.com/bid/93961
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.securityfocus.com/bid/93961
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

Версия до 7.5.5.0 (включая)

EPSS

Процентиль: 48%

0.00251

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2565-pm5h-w9cc