Vulnerabilities > CVE-2016-4377 - Remote Code Execution vulnerability in Multiple HP Products

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

NVD

Published: 2016-08-22

Updated: 2016-11-28

Summary

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Converged Infrastructure Solution Sizer Suite * HP Insight Management Sizer * HP Power Advisor * HP SAP Sizing Tool * HP Sizer FOR Converged Systems Virtualization * HP Sizer FOR Microsoft Exchange Server 2010 * HP Sizer FOR Microsoft Exchange Server 2013 * HP Sizer FOR Microsoft Exchange Server 2016 * HP Sizer FOR Microsoft Lync Server 2013 * HP Sizer FOR Microsoft Sharepoint 2010 * HP Sizer FOR Microsoft Sharepoint 2013 * HP Sizer FOR Microsoft Skype FOR Business Server 2015 * HP Sizing Tool FOR SAP Business Suite Powered BY Hana * HP Storage Sizing Tool * HP Synergy Planning Tool *	15

Summary

Vulnerable Configurations

References