Arbitrary Command Execution in HPE Vertica Analytics Management Console (ZDI-CAN-3417)

CVE-2016-2002 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

Learn more about our Web Application Penetration Testing UK.