9.8

CVE-2016-8511

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpNetwork Automation Version9.10
HpNetwork Automation Version9.20
HpNetwork Automation Version9.22
HpNetwork Automation Version9.22.01
HpNetwork Automation Version9.22.02
HpNetwork Automation Version10.00
HpNetwork Automation Version10.00.01
HpNetwork Automation Version10.00.02
HpNetwork Automation Version10.10
HpNetwork Automation Version10.11
HpNetwork Automation Version10.11.01
HpNetwork Automation Version10.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.62% 0.964
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/94610
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849
Vendor Advisory
https://www.tenable.com/security/research/tra-2016-39
Third Party Advisory