Access Bypass in HP XP7 Command View Advance Edition - CVE-2016-4381
Published: September 1, 2016 / Updated: October 3, 2016
Vulnerability identifier: #VU715
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4381
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: HP XP7 Command View
Affected software:
HP XP7 Command View Advance Edition
HP XP7 Command View Advance Edition
Detailed vulnerability description
The vulnerability allows a local user to bypass access limitations on the target system.
The weakness exists due to insufficient access control that allows a malicious user to bypass security restrictions.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system with no permission and further attacks.
The weakness exists due to insufficient access control that allows a malicious user to bypass security restrictions.
Successful exploitation of the vulnerability may result in attacker's access to the vulnerable system with no permission and further attacks.
How to mitigate CVE-2016-4381
Update to 8.4.1-02.