HP Network Node Manager i < 10.20 Multiple Vulnerabilities
High Nessus Plugin ID 94933
SynopsisA web management application running on the remote host is affected by multiple vulnerabilities.
DescriptionThe HP Network Node Manager i (NNMi) server running on the remote host is a version prior to 10.20. It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host.
- Multiple reflected cross-site scripting (XSS) vulnerabilities exist due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4399, CVE-2016-4400)
SolutionUpgrade NNMi to version 10.20 or later.