CVE-2016-2018

CWE-79 — Cross-site Scripting (XSS)CWE-200 — Information Exposure33 documents14 sources

Severity

9.1CRITICAL

EPSS

1.5%

top 18.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Matrix Operating Environment HP Systems Insight Manager

Timeline

PublishedJun 8

Latest updateMay 17

Description

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDhp/systems_insight_manager7.5

▶NVDhp/matrix_operating_environment7.5

🔴Vulnerability Details

GHSA

GHSA-g966-m6g2-4hf9: HPE Systems Insight Manager (SIM) before 7↗2022-05-17

▶

OSV

openssh vulnerabilities↗2018-11-06

▶

CVEList

CVE-2016-2018: HPE Systems Insight Manager (SIM) before 7↗2016-06-08

▶

💥Exploits & PoCs

Exploit-DB

Foxit Reader 9.0.1.1049 - Arbitrary Code Execution↗2020-11-27

▶

Exploit-DB

Adobe ColdFusion 2018 - Arbitrary File Upload↗2018-12-11

▶

Exploit-DB

Phoenix Contact WebVisit 6.40.00 - Password Disclosure↗2018-10-11

▶

Exploit-DB

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal↗2018-08-30

▶

Exploit-DB

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting↗2018-08-10

▶

📋Vendor Advisories

Red Hat

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files↗2016-10-05

▶

Red Hat

bootstrap: XSS in the data-target attribute↗2016-06-27

▶

💬Community

Bugzilla

CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811) [fedora-all]↗2018-11-28

▶

Bugzilla

CVE-2018-1067 wildfly: undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) [fedora-all]↗2018-06-19

▶

Bugzilla

CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2017-10-09

▶