HP Universal CMDB Information Disclosure and Open Redirect Vulnerability


Description   (:A vulnerability was reported in HP Universal CMDB.:A remote attacker could exploit it via unspecified vectors in order to access sensitive information and redirect their victim to an arbitrary URL.::No further information is available.)
     
Vulnerable Products   Vulnerable Software:
Universal CMDB (HP) - 10.00, 10.01, 10.10, 10.11, 10.20
     
Solution   HP has released versions 10.01 CUP14, 10.11 CUP5 and 10.21 of Universal CMDB which fix this vulnerability.
     
CVE   CVE-2016-2001
     
References   - HPSBGN03570 rev.1 : HPE Universal CMDB, Remote Information Disclosure, URL Redirection
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073504
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-04-06 

 Target Type 
Client 

 Possible exploit 
Remote