CVE-2016-4377

high-risk
Published 2016-08-22

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Do I need to act?

!
16.9% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (15)

Affected Vendors

Hp

References (4)

http://www.securityfocus.com/bid/92479
Mitigation https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578
http://www.securityfocus.com/bid/92479
Mitigation https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578
55
/ 100
high-risk
Severity 24/34 · High
Exploitability 13/34 · Low
Exposure 18/34 · Moderate