Page 2 of 12 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. Se presenta una vulnerabilidad de divulgación de información en HP SiteScope versiones 11.2 y 11.3 en Windows, Linux y Solaris, HP Asset Manager versiones 9.30 hasta 9.32, 9.40 hasta 9.41, 9.50 y Asset Manager Cloudsystem Chargeback versión 9.40, lo que podría permitir a un usuario malicioso remoto obtener información confidencial. Esta es la vulnerabilidad TLS, se conoce como la vulnerabilidad RC4 Cipher Bar Mitzvah. • http://marc.info/?l=bugtraq&m=143455780010289&w=2 http://marc.info/?l=bugtraq&m=143629738517220&w=2 http://www.securityfocus.com/bid/75258 https://packetstormsecurity.com/files/cve/CVE-2015-2802 https://securitytracker.com/id/1032599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0EPSS: 89%CPEs: 3EXPL: 0

Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. Vulnerabilidad no especificada en HP SiteScope 11.1x anterior a 11.13, 11.2x anterior a 11.24.391, y 11.3x anterior a 11.30.521 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2567. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. • http://www.securityfocus.com/bid/74801 http://www.zerodayinitiative.com/advisories/ZDI-15-239 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784 •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP SiteScope 11.1x y 11.2x permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04539443 http://secunia.com/advisories/62654 http://www.securityfocus.com/bid/72459 http://www.securitytracker.com/id/1031619 https://exchange.xforce.ibmcloud.com/vulnerabilities/100642 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 92%CPEs: 9EXPL: 0

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Vulnerabilidad no especificada en HP SiteScope 11.1x hasta 11.13 y 11.2x hasta 11.24 permite a atacantes remotos evadir la autenticación a través de vectores desconocidos, también conocido como ZDI-CAN-2140. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmailServlet servlet. The issue lies in the ability to download arbitrary files. • http://www.securityfocus.com/bid/68361 http://www.securitytracker.com/id/1030519 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129 • CWE-287: Improper Authentication •

CVSS: 9.4EPSS: 21%CPEs: 8EXPL: 0

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084. Vulnerabilidad no especificada en la función loadFileContents en la implementación SOAP en HP SiteScope 10.1x, 11.1x y 11.21 permite a atacantes remotos leer archivos arbitrarios o causar una denegación de servicio a través de vectores desconocidos, también conocido como ZDI-CAN-2084. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 •