CNVD-2016-02521

Vulnerability from cnvd - Published: 2016-04-26
VLAI Severity ?
Title
HPE P9000 CVAE任意命令执行漏洞
Description
HP XP P9000 Command View Advanced Edition是HP XP P9500、XP Disk Array产品的多功能设备管理器。 HPE P9000 Command View Advanced Edition Software (CVAE)和XP7 CVAE存在安全漏洞,通过构造的系列化Java对象,远程攻击者可执行任意命令。
Severity
Patch Name
HPE P9000 CVAE任意命令执行漏洞的补丁
Patch Description
HP XP P9000 Command View Advanced Edition是HP XP P9500、XP Disk Array产品的多功能设备管理器。 HPE P9000 Command View Advanced Edition Software (CVAE)和XP7 CVAE存在安全漏洞,通过构造的系列化Java对象,远程攻击者可执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438

Reference
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438
Impacted products
Name
['HP P9000 Command View Advanced Edition 7.0.0-02<8.4.0-00', 'HP XP7 Command View Advanced Edition Suite 7.0.0-02<8.4.0-00']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2003"
    }
  },
  "description": "HP XP P9000 Command View Advanced Edition\u662fHP XP P9500\u3001XP Disk Array\u4ea7\u54c1\u7684\u591a\u529f\u80fd\u8bbe\u5907\u7ba1\u7406\u5668\u3002\r\n\r\nHPE P9000 Command View Advanced Edition Software (CVAE)\u548cXP7 CVAE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u9020\u7684\u7cfb\u5217\u5316Java\u5bf9\u8c61\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "HP",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02521",
  "openTime": "2016-04-26",
  "patchDescription": "HP XP P9000 Command View Advanced Edition\u662fHP XP P9500\u3001XP Disk Array\u4ea7\u54c1\u7684\u591a\u529f\u80fd\u8bbe\u5907\u7ba1\u7406\u5668\u3002\r\n\r\nHPE P9000 Command View Advanced Edition Software (CVAE)\u548cXP7 CVAE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u9020\u7684\u7cfb\u5217\u5316Java\u5bf9\u8c61\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HPE P9000 CVAE\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP P9000 Command View Advanced Edition 7.0.0-02\u003c8.4.0-00",
      "HP XP7 Command View Advanced Edition Suite 7.0.0-02\u003c8.4.0-00"
    ]
  },
  "referenceLink": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438",
  "serverity": "\u9ad8",
  "submitTime": "2016-04-21",
  "title": "HPE P9000 CVAE\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.