HP Converged Infrastructure Solution Sizer Suite 2.13.0 Execute Code Vulnerability
27 Oct. 2016
Summary
A potential security vulnerability has been identified in HPE Enterprise Solution Sizers and Storage Sizer running Smart Update. The vulnerability could be exploited remotely to allow arbitrary code execution.
Vulnerable Systems:
* HP Converged Infrastructure Solution Sizer Suite 2.13.0
* HP Insight Management Sizer 16.12.0
* HP Power Advisor 7.8.1
* HP Sap Sizing Tool 16.12.0
* HP Sizer For Converged Systems Virtualization 16.7.0
* HP Sizer For Microsoft Exchange Server 2010 16.12.0
* HP Sizer For Microsoft Exchange Server 2013 16.12.0
* HP Sizer For Microsoft Exchange Server 2016 16.12.0
* HP Sizer For Microsoft Lync Server 2013 16.12.0
* HP Sizer For Microsoft Sharepoint 2010 16.11.0
* HP Sizer For Microsoft Sharepoint 2013 16.13.0
* HP Sizer For Microsoft Skype For Business Server 2015 16.5.0
* HP Sizing Tool For Sap Business Suite Powered By Hana 16.11.0
* HP Storage Sizing Tool 13
* HP Synergy Planning Tool 3.2
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via vectors.