CVE-2016-2013

CWE-200 — Information Exposure CWE-94 — Code Injection34 documents18 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 51.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Network Node Manager I

Timeline

PublishedMay 7

Latest updateMay 17

Description

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDhp/network_node_manager_i6 versions+5

Patches

Patch: h20566.www2.hpe.com ↗Patch: h20566.www2.hpe.com ↗

🔴Vulnerability Details

GHSA

GHSA-46p3-6h94-2rqm: HPE Network Node Manager i (NNMi) 9↗2022-05-17

▶

GHSA

Bundler allows attacker to inject arbitrary code via secondary Gem source↗2022-05-14

▶

CVEList

CVE-2016-2013: HPE Network Node Manager i (NNMi) 9↗2016-05-07

▶

OSV

linux-lts-vivid vulnerabilities↗2016-03-14

▶

OSV

perl vulnerabilities↗2016-03-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)↗2016-08-16

▶

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-09

▶

Jenkins

Jenkins Security Advisory 2016-06-20↗2016-06-20

▶

Red Hat

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix↗2016-04-14

▶

💬Community

Bugzilla

CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER↗2016-09-29

▶

Bugzilla

CVE-2013-7458 redis: world-readable ~/.rediscli_history↗2016-08-03

▶

Bugzilla

CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount↗2016-07-14

▶

Bugzilla

CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)↗2016-04-27

▶

Bugzilla

CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)↗2016-03-23

▶