CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-2802
https://notcve.org/view.php?id=CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. Se presenta una vulnerabilidad de divulgación de información en HP SiteScope versiones 11.2 y 11.3 en Windows, Linux y Solaris, HP Asset Manager versiones 9.30 hasta 9.32, 9.40 hasta 9.41, 9.50 y Asset Manager Cloudsystem Chargeback versión 9.40, lo que podría permitir a un usuario malicioso remoto obtener información confidencial. Esta es la vulnerabilidad TLS, se conoce como la vulnerabilidad RC4 Cipher Bar Mitzvah. • http://marc.info/?l=bugtraq&m=143455780010289&w=2 http://marc.info/?l=bugtraq&m=143629738517220&w=2 http://www.securityfocus.com/bid/75258 https://packetstormsecurity.com/files/cve/CVE-2015-2802 https://securitytracker.com/id/1032599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 89%CPEs: 3EXPL: 0CVE-2015-2120 – Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-2120
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. Vulnerabilidad no especificada en HP SiteScope 11.1x anterior a 11.13, 11.2x anterior a 11.24.391, y 11.3x anterior a 11.30.521 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2567. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. • http://www.securityfocus.com/bid/74801 http://www.zerodayinitiative.com/advisories/ZDI-15-239 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784 •