4 matches found
HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)
A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...
HP SiteScope Log Analysis Tool Remote Privilege Escalation (credentialed check)
The HP SiteScope application installed on the remote host is affected by a privilege escalation vulnerability due to a failure to restrict the log path within the Log Analysis Tool. A remote, authenticated attacker can exploit this flaw to read the 'users.config' file, allowing an attacker to...
[security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04688784 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04688784 Version: 1 HPSBGN03325 rev....
CVE-2015-2120
HP SiteScope CVE-2015-2120 is a remote privilege-escalation flaw in the Log Analysis Tool that arises from improper log-path validation, allowing an authenticated remote user to read the users.config file and escalate privileges to administrator. Affected: SiteScope v11.1x (before 11.13), v11.2x ...