
SECURITY ALERT - HPE PPM, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Comm
HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-08
Last Updated: 2016-06-08
Potential Security Impact: Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Project and Portfolio Management Center. This vulnerability could be exploited remotely to allow execution of arbitrary commands and disclosure of sensitive information.
References:
- CVE-2016-4370
- PSRT110047
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE Project and Portfolio Management Center 9.20, 9.21, 9.22, 9.30, 9.31, 9.32
BACKGROUND
CVSS 2.0 Base Metrics
RESOLUTION
HPE has provided the following mitigation information to resolve the vulnerability for the impacted versions of HPE Project and Portfolio Management Center:
- For versions 9.20, 9.21, 9.22: please update to 9.22.0007 and contact support for a hotfix.
- For versions 9.30, 9.31, 9.32: please update to 9.32.0002.
Here are some reference documents for more information related to 9.3x:
HPE Project and Portfolio Management Center 9.xx Documentation List