PT-2018-4862 · IBM · Healthcenter

Published: 2018-06-04 · Updated: 2019-10-09 · CVE-2016-10684

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

healthcenter versions (affected versions not specified)

Description

The healthcenter agent downloads binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. An attacker in a privileged network position can intercept the request and replace the resources in the response with a malicious version, which could lead to remote code execution (RCE) on the system running healthcenter.

Recommendations

To mitigate this vulnerability, uninstall the healthcenter package and install the appmetrics package with the following commands:

npm uninstall healthcenter -s
npm install appmetrics -s
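
The replacement above only removes a direct dependency, so it helps to confirm that no other package still pulls healthcenter in. The following JavaScript is an added example (not part of the advisory or of either package) that searches a parsed package-lock.json for installed copies and for the packages that require them; the sample lockfiles, the package name `monitoring-wrapper` and the version strings are constructed for illustration.

```javascript
// Added example, not code from the advisory. Input is an already-parsed package-lock.json:
// lockfileVersion 1 nests "dependencies"; versions 2 and 3 use a flat "packages" map.
function findInLock(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [key, meta] of Object.entries(lock.packages)) {
      // Keys look like "node_modules/a/node_modules/b"; "" is the root project.
      const chain = key.split("node_modules/").filter(Boolean).map((s) => s.replace(/\/$/, ""));
      const where = key === "" ? "(root project)" : chain.join(" > ");
      if (key.includes("node_modules/") && chain[chain.length - 1] === name) {
        hits.push({ kind: "installed", where, version: meta.version });
      }
      const declared = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
      if (Object.keys(declared).includes(name)) hits.push({ kind: "required-by", where });
    }
    return hits;
  }
  // Version 1: walk the nested tree. The root's own requirements live in package.json, not here.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const where = trail.concat(dep).join(" > ");
      if (dep === name) hits.push({ kind: "installed", where, version: meta.version });
      if (Object.keys(meta.requires || {}).includes(name)) hits.push({ kind: "required-by", where });
      walk(meta.dependencies, trail.concat(dep));
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed samples: "monitoring-wrapper" and the version strings are hypothetical.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "monitoring-wrapper": "^1.0.0" } },
    "node_modules/monitoring-wrapper": { version: "1.0.0", dependencies: { healthcenter: "*" } },
    "node_modules/monitoring-wrapper/node_modules/healthcenter": { version: "0.0.0-sample" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "monitoring-wrapper": {
      version: "1.0.0",
      requires: { healthcenter: "*" },
      dependencies: { healthcenter: { version: "0.0.0-sample" } },
    },
  },
};
console.log(findInLock(sampleV3, "healthcenter"));
console.log(findInLock(sampleV1, "healthcenter"));
```

Pass it the result of `JSON.parse` on the project's package-lock.json; an empty array for `healthcenter` means the lockfile records no installed copy and no package that requires it.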

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2016-10684
GHSA-J336-34Q7-CGJ3

Affected Products

Healthcenter