Project and Portfolio Management Practitioners Forum

SECURITY ALERT - HPE PPM, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Comm

CyCLoPs
HPE Expert


HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-06-08

Last Updated: 2016-06-08

Potential Security Impact: Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

A potential vulnerability has been identified in Project and Portfolio Management Center. This vulnerability could be exploited remotely to allow execution of arbitrary commands and disclosure of sensitive information.

References:

  • CVE-2016-4370
  • PSRT110047

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE Project and Portfolio Management Center 9.20, 9.21, 9.22, 9.30, 9.31, 9.32

BACKGROUND

CVSS 2.0 Base Metrics


RESOLUTION

HPE has provided the following mitigation information to resolve the vulnerability for the impacted versions of HPE Project and Portfolio Management Center:

  • For versions 9.20, 9.21, 9.22, please update to 9.22.0007 and contact support for a hotfix
  • For versions 9.30, 9.31, 9.32, please update to 9.32.0002

 

Here are some reference documents for more information related to 9.3x

HPE Project and Portfolio Management Center 9.xx Documentation List

Overview of Project and Portfolio Management 9.3x Releases 

 
