Details of VAR-201608-0291

ID

VAR-201608-0291

CVE

CVE-2016-4378

TITLE

HPE XP P9000 CVAE Software and XP7 CVAE Suite Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-004477

DESCRIPTION

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Multiple HP Products are prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks

Trust: 1.89

sources: NVD: CVE-2016-4378 // JVNDB: JVNDB-2016-004477 // BID: 92649

AFFECTED PRODUCTS

vendor:	hp	model:	xp7 command view	scope:	lte	version:	8.4.0	Trust: 1.0
vendor:	hp	model:	xp 9000 command view	scope:	lte	version:	8.4.0	Trust: 1.0
vendor:	hewlett packard	model:	hpe xp p9000 command view	scope:	lt	version:	advanced edition software 8.4.1-00	Trust: 0.8
vendor:	hewlett packard	model:	hpe xp7 command view advanced edition suite	scope:	lt	version:	8.4.1-00	Trust: 0.8
vendor:	hp	model:	xp7 command view	scope:	eq	version:	8.4.0	Trust: 0.6
vendor:	hp	model:	xp 9000 command view	scope:	eq	version:	8.4.0	Trust: 0.6
vendor:	hp	model:	xp7 command view advanced edition suite	scope:	eq	version:	8.4.0-00	Trust: 0.3
vendor:	hp	model:	xp7 command view advanced edition suite	scope:	eq	version:	7.0.0-02	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	8.4.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.5.0-02	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.5.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.4.1-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.4.0-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.3.1-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.0.0-02	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	eq	version:	7.0.0-00	Trust: 0.3
vendor:	hp	model:	xp7 command view advanced edition suite	scope:	ne	version:	8.4.1-00	Trust: 0.3
vendor:	hp	model:	xp p9000 tiered storage manager	scope:	ne	version:	8.4.1-00	Trust: 0.3
vendor:	hp	model:	xp p9000 replication manager	scope:	ne	version:	8.4.1-00	Trust: 0.3
vendor:	hp	model:	xp p9000 command view advanced edition	scope:	ne	version:	8.4.1-00	Trust: 0.3

sources: BID: 92649 // JVNDB: JVNDB-2016-004477 // CNNVD: CNNVD-201608-467 // NVD: CVE-2016-4378

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4378
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4378
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-467
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-4378
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2016-4378
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2016-004477 // CNNVD: CNNVD-201608-467 // NVD: CVE-2016-4378

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-004477 // NVD: CVE-2016-4378

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-467

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-467

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004477

PATCH

title:	HPSBST03636	url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355	Trust: 0.8
title:	HPE XP P9000 Command View Advanced Edition and XP7 Command View Advanced Edition Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63790	Trust: 0.6

sources: JVNDB: JVNDB-2016-004477 // CNNVD: CNNVD-201608-467

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4378	Trust: 2.7
db:	BID	id:	92649	Trust: 1.9
db:	SECTRACK	id:	1036686	Trust: 1.0
db:	JVNDB	id:	JVNDB-2016-004477	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-467	Trust: 0.6

sources: BID: 92649 // JVNDB: JVNDB-2016-004477 // CNNVD: CNNVD-201608-467 // NVD: CVE-2016-4378

REFERENCES

url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05241355	Trust: 1.6
url:	http://www.securityfocus.com/bid/92649	Trust: 1.6
url:	http://www.securitytracker.com/id/1036686	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4378	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4378	Trust: 0.8
url:	http://www.hp.com/	Trust: 0.3
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05241355	Trust: 0.3

sources: BID: 92649 // JVNDB: JVNDB-2016-004477 // CNNVD: CNNVD-201608-467 // NVD: CVE-2016-4378

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 92649

SOURCES

db:	BID	id:	92649
db:	JVNDB	id:	JVNDB-2016-004477
db:	CNNVD	id:	CNNVD-201608-467
db:	NVD	id:	CVE-2016-4378

LAST UPDATE DATE

2024-11-23T23:09:11.643000+00:00

SOURCES UPDATE DATE

db:	BID	id:	92649	date:	2016-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-004477	date:	2016-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201608-467	date:	2016-08-29T00:00:00
db:	NVD	id:	CVE-2016-4378	date:	2024-11-21T02:51:59.250

SOURCES RELEASE DATE

db:	BID	id:	92649	date:	2016-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-004477	date:	2016-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201608-467	date:	2016-08-26T00:00:00
db:	NVD	id:	CVE-2016-4378	date:	2016-08-26T19:59:07.883