7 matches found
CVE-2014-7883
CVE-2014-7883 affects HP Universal CMDB (UCMDB) Server/JMX Console. The vulnerability arises from access control that only protects GET/POST; an attacker can use HTTP HEAD to bypass authentication and add/obtain admin access. Public references show affected UCMDB versions (e.g., 10.10, with menti...
CVE-2014-2617
HP Universal CMDB versions 10.01 and 10.10 are affected by CVE-2014-2617, a remote code execution/ information disclosure vulnerability. The HP Security Bulletin HPSBMU03064 rev.1 attributes this to remote access with default configuration and, per companion advisories, hard-coded credentials tha...
CVE-2013-6214
HP Universal Configuration Management Database (UCMDB) Integration Service (v9.05, v10.01, v10.10) contains an unspecified vulnerability that could allow remote authenticated users to disclose information via unknown vectors (ZDI-CAN-2042). The HP security bulletin (HPSBMU02988 rev.1, 2014-04-17)...
CVE-2013-6215
HP Universal Configuration Management Database (CMDB) Integration Service vulnerability CVE-2013-6215 affects Integration Service components in HP UCMDB v10.01 and v10.10. The issue allows remote code execution via unknown vectors, reported as ZDI-CAN-1977. HP has provided patches to resolve the ...
CVE-2015-5440
HP UCMDB local information disclosure (CVE-2015-5440) affects HP UCMDB server versions 10.00, 10.01 (pre-10.01CUP12), 10.10, 10.11 (pre-10.11CUP6), and 10.2x (pre-10.21). A local attacker can obtain sensitive information via unspecified vectors; HP lists exact patch versions: 10.01CUP12 for v10.0...
CVE-2014-2615
HP Universal CMDB CVE-2014-2615 affects v10.01 and v10.10 with remote code execution and information disclosure (ZDI-CAN-2083). The related HP security bulletin HPSBMU03064 rev.1 states the vulnerabilities (CVE-2014-2615, -2616, -2617) could be exploited remotely to disclose information and execu...
CVE-2014-2616
CVE-2014-2616 affects HP Universal CMDB versions 10.01 and 10.10. The vulnerability allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors (ZDI-CAN-2091); CVSS v2 base score 7.5 (NETWORK, LOW access complexity, NO authentication). HP’s security bulle...