2 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. HPE Asset Manager 9.40, 9.41 y 9.50 y Asset Manager CloudSystem Chargeback 9.40 permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889 • CWE-19: Data Processing Errors •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. Se presenta una vulnerabilidad de divulgación de información en HP SiteScope versiones 11.2 y 11.3 en Windows, Linux y Solaris, HP Asset Manager versiones 9.30 hasta 9.32, 9.40 hasta 9.41, 9.50 y Asset Manager Cloudsystem Chargeback versión 9.40, lo que podría permitir a un usuario malicioso remoto obtener información confidencial. Esta es la vulnerabilidad TLS, se conoce como la vulnerabilidad RC4 Cipher Bar Mitzvah. • http://marc.info/?l=bugtraq&m=143455780010289&w=2 http://marc.info/?l=bugtraq&m=143629738517220&w=2 http://www.securityfocus.com/bid/75258 https://packetstormsecurity.com/files/cve/CVE-2015-2802 https://securitytracker.com/id/1032599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •