HIGH · 8.0

CVE-2016-4371

Vulnerability Description

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Hp | Service Manager | 9.30 |
| Hp | Service Manager Mobility | 9.30 |
| Hp | Service Manager Server | 9.30 |
| Hp | Service Manager Service Request Catalog | 9.30 |
| Hp | Service Manager Web Client | 9.30 |
| Hp | Service Manager Windows Client | 9.30 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-4371?

CVE-2016-4371 is a vulnerability with a CVSS score of 8.0 (HIGH). HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery ...

How severe is CVE-2016-4371?

CVE-2016-4371 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4371?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Service Manager, Hp Service Manager Mobility, Hp Service Manager Server, Hp Service Manager Service Request Catalog, Hp Service Manager Web Client.