Lucene search

HpCVE-2014-7878

HistoryNov 14, 2014 - 12:59 a.m.

CVE-2014-7878

2014-11-1400:59:02

CWE-310

web.nvd.nist.gov

cve-2014-7878

application lifecycle service

hp helion cloud development platform

security keys

remote code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers’ installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.

Affected configurations

Nvd

Node

hphelion_cloud_development_platformMatch1.0commercial

hphelion_cloud_development_platformMatch1.0community

VendorProductVersionCPE
hphelion_cloud_development_platform1.0cpe:2.3:a:hp:helion_cloud_development_platform:1.0:*:*:*:commercial:*:*:*
hphelion_cloud_development_platform1.0cpe:2.3:a:hp:helion_cloud_development_platform:1.0:*:*:*:community:*:*:*

Vendor	Product	Version	CPE
hp	helion_cloud_development_platform	1.0	cpe:2.3:a:hp:helion_cloud_development_platform:1.0::::commercial:::
hp	helion_cloud_development_platform	1.0	cpe:2.3:a:hp:helion_cloud_development_platform:1.0::::community:::

References

exchange.xforce.ibmcloud.com/vulnerabilities/98636

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

Related for CVE-2014-7878