CVE-2016-4377

HIGH

HPE Converged Infrastructure Solution Sizer Suite < 2.13.0 - Remote Code Execution

Title source: llm

Description

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92479

Mitigation, Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578

Scores

CVSS v3 8.1

EPSS 0.1689

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (15)

hp/converged_infrastructure_solution_sizer_suite < 2.13.0

hp/insight_management_sizer < 16.12.0

hp/power_advisor < 7.8.1

hp/sap_sizing_tool < 16.12.0

hp/sizer_for_converged_systems_virtualization < 16.7.0

hp/sizer_for_microsoft_exchange_server_2010 < 16.12.0

hp/sizer_for_microsoft_exchange_server_2013 < 16.12.0

hp/sizer_for_microsoft_exchange_server_2016 < 16.12.0

hp/sizer_for_microsoft_lync_server_2013 < 16.12.0

hp/sizer_for_microsoft_sharepoint_2010 < 16.11.0

... and 5 more

Published Aug 22, 2016

Tracked Since Feb 18, 2026