← Back

CVE-2016-4371

nvd nist
Published: Jun 19, 2016Modified: May 6, 2026

JSON object

Loading...
8.0
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

Affected (48)

Hp
6 products
Service Manager
Service Manager Mobility
Service Manager Server
Service Manager Service Request Catalog
Service Manager Web Client
Service Manager Windows Client
Configuration A
48 vulnerable
Vulnerable SoftwareAffected Versions
Hp
Service Manager
Version 9.30
Service Manager
Version 9.31
Service Manager
Version 9.32
Service Manager
Version 9.33
Service Manager
Version 9.34
Service Manager
Version 9.35
Service Manager
Version 9.40
Service Manager
Version 9.41
Hp
Service Manager Mobility
Version 9.30
Service Manager Mobility
Version 9.31
Service Manager Mobility
Version 9.32
Service Manager Mobility
Version 9.33
Service Manager Mobility
Version 9.34
Service Manager Mobility
Version 9.35
Service Manager Mobility
Version 9.40
Service Manager Mobility
Version 9.41
Hp
Service Manager Server
Version 9.30
Service Manager Server
Version 9.31
Service Manager Server
Version 9.32
Service Manager Server
Version 9.33
Service Manager Server
Version 9.34
Service Manager Server
Version 9.35
Service Manager Server
Version 9.40
Service Manager Server
Version 9.41
Hp
Service Manager Service Request Catalog
Version 9.30
Service Manager Service Request Catalog
Version 9.31
Service Manager Service Request Catalog
Version 9.32
Service Manager Service Request Catalog
Version 9.33
Service Manager Service Request Catalog
Version 9.34
Service Manager Service Request Catalog
Version 9.35
Service Manager Service Request Catalog
Version 9.40
Service Manager Service Request Catalog
Version 9.41
Hp
Service Manager Web Client
Version 9.30
Service Manager Web Client
Version 9.31
Service Manager Web Client
Version 9.32
Service Manager Web Client
Version 9.33
Service Manager Web Client
Version 9.34
Service Manager Web Client
Version 9.35
Service Manager Web Client
Version 9.40
Service Manager Web Client
Version 9.41
Hp
Service Manager Windows Client
Version 9.30
Service Manager Windows Client
Version 9.31
Service Manager Windows Client
Version 9.32
Service Manager Windows Client
Version 9.33
Service Manager Windows Client
Version 9.34
Service Manager Windows Client
Version 9.35
Service Manager Windows Client
Version 9.40
Service Manager Windows Client
Version 9.41

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.