3 matches found
CVE-2014-2609
The CVE affects HP Executive Scorecard (v9.40 and v9.41) where the Java Glassfish Admin Console allows unauthenticated remote code execution via a session on TCP port 10001. Root cause: authentication bypass on the Glassfish admin interface leading to arbitrary code execution under SYSTEM. Impact...
CVE-2014-2610
CVE-2014-2610 affects HP Executive Scorecard (CAP) in versions 9.40 and 9.41. The underlying issue is a directory-traversal flaw in the Content Acceleration Pack web application that allows an authenticated user to upload an executable file, enabling remote code execution. The ZDI advisory confir...
CVE-2014-2611
CVE-2014-2611 is a directory traversal vulnerability in HP Enterprise Scorecard’s fndwar web application (affecting HP Executive Scorecard v9.40 and v9.41). The flaw can allow a remote attacker to execute arbitrary code, or disclose/delete data, with the attack requiring authentication per ZDI-14...