HPE P9000 CVAE任意命令执行漏洞(CVE

HPE P9000 CVAE任意命令执行漏洞(CVE-2016-2003)


发布日期:2016-04-20
更新日期:2016-04-21

受影响系统:

HP P9000 Command View Advanced Edition 7.0.0-02 < 8.4.0-00
HP XP7 Command View Advanced Edition Suite v7.0.0-02 <  v8.4.0-00

描述:

CVE(CAN) ID: CVE-2016-2003

HP XP P9000 Command View Advanced Edition是HP XP P9500、XP Disk Array产品的多功能设备管理器。

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x、8.x < 8.4.0-00, XP7 CVAE 7.x、8.x 〈 8.4.0-00存在安全漏洞,通过构造的系列化Java对象,远程攻击者可执行任意命令。

<*来源:HP
 
  链接:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438
*>

建议:

厂商补丁:

HP
--
HP已经为此发布了一个安全公告(HPSBST03576)以及相应补丁:
HPSBST03576:HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution
链接:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/51893aac539cb01eeb0b080696cd1fe4.html