9.21

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

CWE-918

NVD

Published: 2016-08-08

Updated: 2016-11-28

Summary

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Release Control 9.21 HP Release Control 9.13 HP Release Control 9.20	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05219560
http://www.securityfocus.com/bid/92357
http://www.securitytracker.com/id/1036533