2016 VULNERABILITY DATABASE
CVE-2016-4369
Summary: HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Published: 6/8/2016 11:00:01 AM
CVE-2016-4368
Summary: HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Published: 6/8/2016 10:59:59 AM
CVE-2016-4367
Summary: The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.
Published: 6/8/2016 10:59:57 AM
CVE-2016-4366
Summary: HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Published: 6/8/2016 10:59:55 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2016-4365
Summary: HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
Published: 6/8/2016 10:59:53 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-4364
Summary: HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.
Published: 6/8/2016 10:59:51 AM
CVSS Severity: v3 - 8.4 HIGH v2 - 7.2 HIGH
CVE-2016-4363
Summary: HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.
Published: 6/8/2016 10:59:49 AM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-4362
Summary: HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Published: 6/8/2016 10:59:48 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 5.5 MEDIUM
CVE-2016-4361
Summary: HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.
Published: 6/8/2016 10:59:46 AM
CVE-2016-4360
Summary: HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to modify data or cause a denial of service via unspecified vectors, aka ZDI-CAN-3555.
Published: 6/8/2016 10:59:42 AM
CVE-2016-4359
Summary: HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors, aka ZDI-CAN-3516.
Published: 6/8/2016 10:59:37 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2016-4358
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
Published: 6/8/2016 10:59:36 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 4.8 MEDIUM
CVE-2016-4357
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
Published: 6/8/2016 10:59:34 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 7.5 HIGH
CVE-2016-2078
Summary: Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via a Flash parameter.
Published: 6/8/2016 10:59:33 AM
CVE-2016-2030
Summary: HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
Published: 6/8/2016 10:59:31 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 5.5 MEDIUM
CVE-2016-2029
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
Published: 6/8/2016 10:59:30 AM
CVSS Severity: v3 - 9.1 CRITICAL v2 - 6.4 MEDIUM
CVE-2016-2028
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
Published: 6/8/2016 10:59:29 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 5.5 MEDIUM
CVE-2016-2027
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
Published: 6/8/2016 10:59:27 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2026
Summary: HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
Published: 6/8/2016 10:59:25 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2024
Summary: HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Published: 6/8/2016 10:59:24 AM