HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-08
Last Updated: 2016-06-08
Potential Security Impact: Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Project and Portfolio Management Center. This vulnerability could be exploited to remotely to allow execution of arbitrary commands and disclosure of sensitive information.
References:
- CVE-2016-4370
- PSRT110047
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE Project and Portfolio Management Center 9.20, 9.21, 9.22, 9.30, 9.31, 9.32
BACKGROUND
CVSS 2.0 Base Metrics
![](https://community.saas.hpe.com/legacyfs/online/images/78006i0B1B6AD3DF3D4F14/image-size/medium?v=v2&px=400" "Program Milestone.png")
RESOLUTION
HPE has provided the following mitigation information to resolve the vulnerability for the impacted versions of HPE Project and Portfolio Management Center:
- For versions 9.20, 9.21, 9.22 Please update to 9.22.0007 and contact support for a hotfix
- For versions 9.30, 9.31, 9.32 please Update to 9.32.0002
Here are some reference documents for more information related to 9.3x
HPE Project and Portfolio Management Center 9.xx Documentation List
