Executive Summary

Summary
Title : HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
Information
Name : HPSBMU02736 SSRT100699
First vendor Publication : 2011-12-18
Vendor : HP
Last vendor Modification : 2012-02-06
Severity (Vendor) : N/A
Revision : 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) and Business Service Management (BSM). The vulnerabilities could be remotely exploited to allow unauthorized access to sensitive information.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03127140

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 47

OpenVAS Exploits

Date Description
2010-04-28 Name : JBoss Enterprise Application Platform Multiple Vulnerabilities
File : nvt/gb_JBoss_enterprise_aplication_server_39710.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
64173 JBoss Enterprise Application Platform Status Servlet Authentication Bypass

64172 JBoss Enterprise Application Platform /web-console HTTP Request Information D...

47551 JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Inf...

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-05-27 IAVM : 2010-B-0042 - Multiple Vulnerabilities in JBoss Enterprise Application Platform
Severity : Category I - VMSKEY : V0024203

Nessus® Vulnerability Scanner

Date Description
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0825.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0826.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0827.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0828.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0376.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0377.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0378.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0379.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote web server is configured insecurely, leaving it vulnerable to secu...
File : jboss_eap_jmx_console_auth_bypass.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : The remote web server contains a servlet that is affected by an information d...
File : jboss_eap_info_disclosure_vuln.nasl - Type : ACT_ATTACK