PT-2016-1844 · Hewlett Packard · HPE Vertica

Published: 2016-04-15 · Updated: 2025-11-19 · CVE-2016-2002

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HPE Vertica versions 7.0.x through 7.0.2.11
HPE Vertica versions 7.1.x through 7.1.2-11
HPE Vertica versions 7.2.x through 7.2.1

Description

The issue is related to the validateAdminConfig handler in the Analytics Management Console of the HPE Vertica database management system. It is caused by a lack of input sanitization, allowing remote attackers to execute arbitrary commands through the mcPort parameter. This can enable a remote attacker to perform unauthorized actions.

Recommendations

For HPE Vertica versions 7.0.x through 7.0.2.11, update to version 7.0.2.12 or later.
For HPE Vertica versions 7.1.x through 7.1.2-11, update to version 7.1.2-12 or later.
For HPE Vertica versions 7.2.x through 7.2.1, update to version 7.2.2-1 or later.

As a temporary workaround, consider restricting access to the mcPort parameter in the affected API endpoint until a patch is available.
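
An added example (not HPE's code and not part of the original advisory): a strict allow-list check for the mcPort value, of the kind the handler itself or a filtering proxy in front of it could apply. The function names, the urlencoded body format and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Only the parameter name "mcPort" comes from the advisory; the request
# format and the helper names below are hypothetical.
# ASCII digits only: \d and int() would also accept non-ASCII digits.
_PORT_RE = re.compile(r"[0-9]{1,5}")


def parse_mc_port(raw):
    """Return the port as an int, or raise ValueError."""
    # fullmatch, not match with "$": "$" tolerates a trailing newline.
    if not isinstance(raw, str) or not _PORT_RE.fullmatch(raw):
        raise ValueError("mcPort must be 1-5 ASCII digits")
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValueError("mcPort out of range")
    return port


def check_request(body):
    """Decide allow/deny for a urlencoded body sent to the handler."""
    values = parse_qs(body, keep_blank_values=True).get("mcPort", [])
    if len(values) != 1:
        # A repeated parameter can be read differently by proxy and backend.
        return ("deny", "mcPort missing or repeated")
    try:
        return ("allow", parse_mc_port(values[0]))
    except ValueError as exc:
        return ("deny", str(exc))


# Constructed sample bodies, not captured traffic.
SAMPLES = [
    "mcPort=5450",           # plain port
    "mcPort=5450%3Bid",      # decodes to "5450;id"
    "mcPort=5450%0A",        # trailing newline
    "mcPort=70000",          # numeric but out of range
    "mcPort=5450&mcPort=1",  # repeated parameter
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_request(sample))
```

The validated integer, not the original string, is what should be passed on to any later processing.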

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2016-01177
CVE-2016-2002
ZDI-16-244

Affected Products

HPE Vertica