cnvd - cnvd-2016-06643

CNVD-2016-06643

Vulnerability from cnvd - Published: 2016-08-24

Title

HP P9000 and XP7 Command View Advanced Edition Software Suite信息泄露漏洞

Description

HP XP P9000 Command View Advanced Edition Suite Software是美国惠普（HP）公司的一款可对HP XP P9500、XP Disk Array磁盘阵列产品进行存储管理的设备管理软件。 HP P9000 and XP7 Command View Advanced Edition Software Suite存在信息泄露漏洞，远程攻击者可以利用该漏洞导致信息泄露。

Severity

中

Patch Name

HP P9000 and XP7 Command View Advanced Edition Software Suite信息泄露漏洞的补丁

Patch Description

Formal description

目测厂商已经发布安全通告，详情请关注厂商主页或有关网址： https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05241355

Reference

https://www.auscert.org.au/render.html?it=37966

Impacted products

Name
HP XP P9000 Command View Advanced Edition Software <8.4.1-00

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92649"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4378"
    }
  },
  "description": "HP XP P9000 Command View Advanced Edition Suite Software\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u5bf9HP XP P9500\u3001XP Disk Array\u78c1\u76d8\u9635\u5217\u4ea7\u54c1\u8fdb\u884c\u5b58\u50a8\u7ba1\u7406\u7684\u8bbe\u5907\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nHP P9000 and XP7 Command View Advanced Edition Software Suite\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "HP",
  "formalWay": "\u76ee\u6d4b\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5b89\u5168\u901a\u544a\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u6709\u5173\u7f51\u5740\uff1a\r\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05241355",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06643",
  "openTime": "2016-08-24",
  "patchDescription": "HP XP P9000 Command View Advanced Edition Suite Software\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u5bf9HP XP P9500\u3001XP Disk Array\u78c1\u76d8\u9635\u5217\u4ea7\u54c1\u8fdb\u884c\u5b58\u50a8\u7ba1\u7406\u7684\u8bbe\u5907\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nHP P9000 and XP7 Command View Advanced Edition Software Suite\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP P9000 and XP7 Command View Advanced Edition Software Suite\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HP XP P9000 Command View Advanced Edition Software \u003c8.4.1-00"
  },
  "referenceLink": "https://www.auscert.org.au/render.html?it=37966",
  "serverity": "\u4e2d",
  "submitTime": "2016-08-23",
  "title": "HP P9000 and XP7 Command View Advanced Edition Software Suite\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2016-4378 (GCVE-0-2016-4378)

Vulnerability from cvelistv5 – Published: 2016-08-26 19:00 – Updated: 2024-08-06 00:25

Summary

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036686	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/92649	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:25:14.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355"
          },
          {
            "name": "1036686",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036686"
          },
          {
            "name": "92649",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92649"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355"
        },
        {
          "name": "1036686",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036686"
        },
        {
          "name": "92649",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92649"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4378",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355"
            },
            {
              "name": "1036686",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036686"
            },
            {
              "name": "92649",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92649"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4378",
    "datePublished": "2016-08-26T19:00:00",
    "dateReserved": "2016-04-29T00:00:00",
    "dateUpdated": "2024-08-06T00:25:14.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-06643

CVE-2016-4378 (GCVE-0-2016-4378)

Tags

Sightings

Nomenclature