CVE-2016-4371

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.0HIGH
EPSS
0.1%
top 79.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
HP Service ManagerHP Service Manager MobilityHP Service Manager Server+3 more
Timeline
PublishedJun 19
Latest updateMay 17

Description

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages6 packages

NVDhp/service_manager_server8 versions+7
NVDhp/service_manager8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-jc27-5527-jx5m: HPE Service Manager Software 92022-05-17
CVEList
CVE-2016-4371: HPE Service Manager Software 92016-06-19
CVE-2016-4371 (HIGH CVSS 8) | HPE Service Manager Software 9.30 | cvebase.io