Severity
9.8 CRITICAL
EPSS
1.1%
top 22.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 5
Latest update: May 17

Description

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages

2 packages

Patches

🔴Vulnerability Details

3
GHSA
GHSA-47j5-g4fh-w4j8: HPE Asset Manager 9 (2022-05-17)
CVEList
CVE-2016-2000: HPE Asset Manager 9 (2016-04-05)
OSV
jasper vulnerabilities (2016-03-03)

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) (2017-07-11)

📋Vendor Advisories

10
Red Hat
jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516) (2016-10-17)
Red Hat
chromium-browser: heap overflow in pdfium (2016-08-31)
Red Hat
chromium-browser: heap overflow in pdfium (2016-08-31)
Red Hat
openjpeg: Heap overflow in parsing of JPEG2000 precincts (2016-08-03)
Red Hat
chromium-browser: Heap overflow in pdfium (2016-08-03)

💬Community

4
Bugzilla
CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_ (2017-01-04)
Bugzilla
CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() (2016-01-28)
Bugzilla
CVE-2016-1924 openjpeg: out of bounds read in opj_tgt_reset (2016-01-19)
Bugzilla
CVE-2015-8751 jasper: integer overflow in the jas_matrix_create() function (2016-01-08)
CVE-2016-2000 (CRITICAL CVSS 9.8) | HPE Asset Manager 9.40 | cvebase.io