virus logo Intrusion Prevention

HPE.Vertica.ValidateAdminConfig.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in HP Enterprise Vertica.
The vulnerability is caused by an improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to execute arbitrary commands in the context of the vulnerable application via a crafted request.

affected-products-logoAffected Products

HPE Vertica 7.0.x prior to 7.0.2.12
HPE Vertica 7.1.x prior to 7.1.2-12
HPE Vertica 7.2.x prior to 7.2.2-1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c05085303

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-11-09 16.958 Name:HP.
Enterprise.
Vertica.
ValidateAdminConfig.
Command.
Injection:HPE.
Vertica.
ValidateAdminConfig.
Command.
Injection
2019-06-10 14.629 Severity:high:critical
ID 42355
Created May 03, 2016
Updated Nov 06, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2016-2002
Exploit Prediction Score 90.38%
Default Action drop
Active
Affected OS Linux
Affected App HP