CVE-2016-2017: Command Injection in HP Systems Insight Manager

CWE-77 Command Injection
46 documents, 17 sources
Severity
8.1 HIGH (NVD)
EPSS
0.7%
top 27.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 8
Latest update: May 17

Description

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 2 packages

🔴Vulnerability Details

4
GHSA
GHSA-w8r7-57vj-fw38: HPE Systems Insight Manager (SIM) before 7 (2022-05-17)
OSV
subversion vulnerabilities (2017-08-11)
Kernel
KVM: x86: Introduce segmented_write_std (2017-01-11)
CVEList
CVE-2016-2017: HPE Systems Insight Manager (SIM) before 7 (2016-06-08)

💥Exploits & PoCs

2
Exploit-DB
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation (2017-12-26)
Exploit-DB
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting (2017-03-15)

📋Vendor Advisories

2
Red Hat
mysql: Incorrect input validation allowing code execution via mysqldump (2017-03-09)
Red Hat
salt: local_batch client external authentication not respected (2017-01-20)

🕵️Threat Intelligence

1
Fortinet
PHPMailer Powered – Use It, But Also Remember to Update It (2017-02-16)

💬Community

5
Bugzilla
CVE-2017-8281 kernel: use after free in the recvmmsg exit path (2017-09-06)
Bugzilla
CVE-2017-1000357 opendaylight: odl-l2switch-switch feature does not handle closed-stream error (2017-05-02)
Bugzilla
CVE-2016-10328 CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 mingw-freetype: various flaws [epel-7] (2017-04-24)
Bugzilla
CVE-2016-10249 CVE-2016-10248 CVE-2017-6850 CVE-2017-6852 CVE-2016-10251 jasper: various flaws [epel-5] (2017-03-21)
Bugzilla
CVE-2016-6344 JBoss bpms 6.3.x cookie does not set httponly (2016-08-31)
CVE-2016-2017 — Command Injection in HP | cvebase