CVE-2016-4360
Description
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
5.458
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in HP LoadRunner 11.52 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.00 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.01 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.02 | Windows |
| Vulnerabilities CVE-2015-6857,CVE-2016-4359,CVE-2016-4360,CVE-2016-4361 are affected in HP LoadRunner 12.50 | Windows |
| Multiple Vulnerabilities affected in loadrunner 12.50-p3 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.02-p2 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.01-p3 | NCM |
| Multiple Vulnerabilities affected in loadrunner 12.00-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.50-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.20-p2 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.01-p3 | NCM |
| Multiple Vulnerabilities affected in performance_center 12.00-p1 | NCM |
| Multiple Vulnerabilities affected in performance_center 11.52-p3 | NCM |
| Vulnerabilities CVE-2016-4359 ,CVE-2016-4360 ,CVE-2016-4361 ,CVE-2017-5789 ,CVE-2017-8953 are affected in loadrunner 11.52-p3 | NCM |
| CVE-2016-4360 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234