Lucene search

[email protected]CVE-2014-2609

HistoryJun 19, 2014 - 10:50 a.m.

CVE-2014-2609

2014-06-1910:50:04

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-2609

java

glassfish

admin console

hp executive scorecard

remote code execution

authentication

tcp port 10001

zdi-can-2116

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.572 Medium

EPSS

Percentile

97.7%

JSON

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

Affected configurations

NVD

Node

hpexecutive_scorecardMatch9.40

hpexecutive_scorecardMatch9.41

CPENameOperatorVersion
hp:executive_scorecardhp executive scorecardeq9.40
hp:executive_scorecardhp executive scorecardeq9.41

CPE	Name	Operator	Version
hp:executive_scorecard	hp executive scorecard	eq	9.40
hp:executive_scorecard	hp executive scorecard	eq	9.41

References

secunia.com/advisories/59363

www.securityfocus.com/bid/68093

www.securitytracker.com/id/1030439

zerodayinitiative.com/advisories/ZDI-14-208/

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.572 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2014-2609

nvd1 prion1 cvelist1 zdi1 securityvulns2