Vulnerability Details : CVE-2016-4390
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.
Vulnerability category: Execute code
Products affected by CVE-2016-4390
- cpe:2.3:a:hp:keyview:10.19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.20.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.21.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.22.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.23.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:keyview:10.24.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4390
2.77%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4390
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
References for CVE-2016-4390
-
http://www.securityfocus.com/bid/93424
HP KeyView Multiple Unspecified Remote Code Execution Vulnerabilities
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05297477
HPSBGN03639 rev.1 - HPE KeyView, Remote Code ExecutionVendor Advisory
-
http://www.securitytracker.com/id/1036935
HPE KeyView SDK File Processing Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
Jump to