CVE-2014-2631 – Hewlett-Packard Application Lifecycle Manager DLL Planting Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2014-2631

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Vulnerabilidad no especificada en HP Application Lifecycle Management (también conocido como Quality Center) 11.5x y 12.0x permite a usuarios locales ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2138. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Management System. The specific flaw exists within the ACLs on a specific installed directory. Because this directory allows any user to create a file, an unprivileged attacker can place a malicious DLL on the system. • http://www.securitytracker.com/id/1030698 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394553 •