PT-2016-1844 · Hewlett Packard · HPE Vertica
Published: 2016-04-15 · Updated: 2025-11-19 · CVE-2016-2002
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HPE Vertica versions 7.0.x through 7.0.2.11
HPE Vertica versions 7.1.x through 7.1.2-11
HPE Vertica versions 7.2.x through 7.2.1
Description
The issue is related to the validateAdminConfig handler in the Analytics Management Console of the HPE Vertica database management system. It is caused by a lack of input sanitization, allowing remote attackers to execute arbitrary commands through the mcPort parameter. This can enable a remote attacker to perform unauthorized actions.
Recommendations
For HPE Vertica versions 7.0.x through 7.0.2.11, update to version 7.0.2.12 or later.
For HPE Vertica versions 7.1.x through 7.1.2-11, update to version 7.1.2-12 or later.
For HPE Vertica versions 7.2.x through 7.2.1, update to version 7.2.2-1 or later.
As a temporary workaround, consider restricting access to the mcPort parameter in the affected API endpoint until a patch is available.
Fix
Command Injection
Affected Products
HPE Vertica