HPE Business Service Management (BSM) – Reflected XSS (CVE-2016-4392)


Product & Service Introduction;

HP Business Service Management (BSM) is an end-to-end management solution that integrates network, server, application and business transaction monitoring. HP Business Service Management is developed and marketed by the HP Software Division.

Release Date;

21 Oct 2016

Affected Product;

HP Business Service Management Software 9.1x, 9.20 - 9.25IP1

Abstract Advisory Information;

Ugur Cihan Koc discovered a Reflected XSS vulnerability in HPE BSM.

Vulnerability Disclosure Timeline;

27 Nov 2015     Bug reported to the vendor.
03 Dec 2015     Asked about the case.
21 Oct 2016     Fixed.
25 Oct 2016     Disclosed.

Exploitation Technique;

Remote, Authenticated
Affected Parameter;


Exploitable URL;


Solution Fix & Patch;


POC Video;


Credits & Authors;

Ugur Cihan Koc