Executive Summary
This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary | |
---|---|
Title | HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XSS) and Remote Script Inject |
Information | |||
---|---|---|---|
Name | HPSBMA02674 SSRT100487 | First vendor Publication | 2011-06-07 |
Vendor | HP | Last vendor Modification | 2011-07-05 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 8.3 | Attack Range | Network |
Cvss Impact Score | 8.5 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Potential security vulnerabilities have been identified in HP Service Manager and HP Service Center which may allow remote authenticated users unauthorized access, unsecured local access, remote disclosure of privileged information, HTTP session credential re-use, cross site scripting (XSS) and remote script injection.
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02863015
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Application | | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73108 | HP Service Manager / Service Center Unspecified Authenticated XSS |
73107 | HP Service Manager / Service Center Unspecified XSS |
73106 | HP Service Manager / Service Center Unspecified Remote Issue |
73105 | HP Service Manager / Service Center HTTP Credentials Unspecified Session Hija... |
73104 | HP Service Manager / Service Center Unspecified Remote Information Disclosure |
73103 | HP Service Manager / Service Center Unspecified Local Access Restriction Bypass |
73102 | HP Service Manager / Service Center Unspecified Remote Access Restriction Bypass |