HPE P9000 CVAE Arbitrary Command Execution Vulnerability (CVE-2016-2003)
Release date: 2016-04-20
Updated: 2016-04-21
Affected systems:
HP XP7 Command View Advanced Edition Suite v7.0.0-02 < v8.4.0-00
Description:
CVE(CAN) ID: CVE-2016-2003
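HP XP P9000 Command View Advanced Edition is a multi-function device manager for the HP XP P9500 and XP Disk Array products.
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x < 8.4.0-00, and XP7 CVAE 7.x and 8.x < 8.4.0-00, contain a security vulnerability: by means of a crafted serialized Java object, a remote attacker can execute arbitrary commands.
<*Source: HP
Link: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438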
*>
Recommendation:
Vendor patch:
HP
--
HP has released a security bulletin (HPSBST03576) and corresponding patches for this issue:
HPSBST03576: HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution
Link: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438