Strix
26.1K

CVE-2016-4377

UnknownEPSS 7.20%

Last modified

CVE-2016-4377 is a vulnerability of currently unknown severity. HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.. EPSS estimates a 7.20% chance of exploitation in the next 30 days.

Description

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Metrics

EPSS Probability
7.20%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
HpConverged Infrastructure Solution Sizer Suite<= 2.13.0
HpInsight Management Sizer<= 16.12.0
HpPower Advisor<= 7.8.1
HpSap Sizing Tool<= 16.12.0
HpSizer For Converged Systems Virtualization<= 16.7.0
HpSizer For Microsoft Exchange Server 2010<= 16.12.0
HpSizer For Microsoft Exchange Server 2013<= 16.12.0
HpSizer For Microsoft Exchange Server 2016<= 16.12.0
HpSizer For Microsoft Lync Server 2013<= 16.12.0
HpSizer For Microsoft Sharepoint 2010<= 16.11.0
HpSizer For Microsoft Sharepoint 2013<= 16.13.0
HpSizer For Microsoft Skype For Business Server 2015<= 16.5.0
HpSizing Tool For Sap Business Suite Powered By Hana<= 16.11.0
HpStorage Sizing Tool<= 13.0
HpSynergy Planning Tool<= 3.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-4377?
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.
How severe is CVE-2016-4377?
Severity scoring for CVE-2016-4377 is pending analysis. The EPSS model estimates a 7.20% probability of exploitation in the next 30 days.
How do I fix CVE-2016-4377?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4377?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST