VAR-201608-0291
Vulnerability from variot - Updated: 2023-12-18 13:48The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Multiple HP Products are prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0291",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xp7 command view",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "8.4.0"
},
{
"model": "xp 9000 command view",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "8.4.0"
},
{
"model": "hpe xp p9000 command view",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "advanced edition software 8.4.1-00"
},
{
"model": "hpe xp7 command view advanced edition suite",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8.4.1-00"
},
{
"model": "xp7 command view",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "8.4.0"
},
{
"model": "xp 9000 command view",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "8.4.0"
},
{
"model": "xp7 command view advanced edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.0-00"
},
{
"model": "xp7 command view advanced edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.0-02"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.0-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0-02"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.0-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.0-02"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.0-00"
},
{
"model": "xp7 command view advanced edition suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.1-00"
},
{
"model": "xp p9000 tiered storage manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.1-00"
},
{
"model": "xp p9000 replication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.1-00"
},
{
"model": "xp p9000 command view advanced edition",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.4.1-00"
}
],
"sources": [
{
"db": "BID",
"id": "92649"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:xp_9000_command_view:*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4378"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "92649"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4378",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4378",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4378",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-467",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Multiple HP Products are prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "BID",
"id": "92649"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4378",
"trust": 2.7
},
{
"db": "BID",
"id": "92649",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1036686",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "92649"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"id": "VAR-201608-0291",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23809524
},
"last_update_date": "2023-12-18T13:48:46.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBST03636",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05241355"
},
{
"title": "HPE XP P9000 Command View Advanced Edition and XP7 Command View Advanced Edition Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63790"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/92649"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05241355"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1036686"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4378"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4378"
},
{
"trust": 0.3,
"url": "http://www.hp.com/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05241355"
}
],
"sources": [
{
"db": "BID",
"id": "92649"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "92649"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-25T00:00:00",
"db": "BID",
"id": "92649"
},
{
"date": "2016-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"date": "2016-08-26T19:59:07.883000",
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"date": "2016-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-25T00:00:00",
"db": "BID",
"id": "92649"
},
{
"date": "2016-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004477"
},
{
"date": "2016-11-28T20:17:41.397000",
"db": "NVD",
"id": "CVE-2016-4378"
},
{
"date": "2016-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE XP P9000 CVAE Software and XP7 CVAE Suite Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004477"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-467"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…