CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-2802
https://notcve.org/view.php?id=CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. Se presenta una vulnerabilidad de divulgación de información en HP SiteScope versiones 11.2 y 11.3 en Windows, Linux y Solaris, HP Asset Manager versiones 9.30 hasta 9.32, 9.40 hasta 9.41, 9.50 y Asset Manager Cloudsystem Chargeback versión 9.40, lo que podría permitir a un usuario malicioso remoto obtener información confidencial. Esta es la vulnerabilidad TLS, se conoce como la vulnerabilidad RC4 Cipher Bar Mitzvah. • http://marc.info/?l=bugtraq&m=143455780010289&w=2 http://marc.info/?l=bugtraq&m=143629738517220&w=2 http://www.securityfocus.com/bid/75258 https://packetstormsecurity.com/files/cve/CVE-2015-2802 https://securitytracker.com/id/1032599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 89%CPEs: 3EXPL: 0CVE-2015-2120 – Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-2120
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. Vulnerabilidad no especificada en HP SiteScope 11.1x anterior a 11.13, 11.2x anterior a 11.24.391, y 11.3x anterior a 11.30.521 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2567. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. • http://www.securityfocus.com/bid/74801 http://www.zerodayinitiative.com/advisories/ZDI-15-239 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-7882
https://notcve.org/view.php?id=CVE-2014-7882
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP SiteScope 11.1x y 11.2x permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04539443 http://secunia.com/advisories/62654 http://www.securityfocus.com/bid/72459 http://www.securitytracker.com/id/1031619 https://exchange.xforce.ibmcloud.com/vulnerabilities/100642 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 92%CPEs: 9EXPL: 0CVE-2014-2614 – Hewlett-Packard SiteScope EmailServlet servlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2614
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Vulnerabilidad no especificada en HP SiteScope 11.1x hasta 11.13 y 11.2x hasta 11.24 permite a atacantes remotos evadir la autenticación a través de vectores desconocidos, también conocido como ZDI-CAN-2140. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmailServlet servlet. The issue lies in the ability to download arbitrary files. • http://www.securityfocus.com/bid/68361 http://www.securitytracker.com/id/1030519 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129 • CWE-287: Improper Authentication •