Lucene search
Andrea Micalizzi (rgod)ZDI-14-228HistoryJul 09, 2014 - 12:00 a.m.
Hewlett-Packard SiteScope EmailServlet servlet Information Disclosure Vulnerability
2014-07-0900:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
14
0.932 High
EPSS
Percentile
99.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EmailServlet servlet. The issue lies in the ability to download arbitrary files. A remote attacker can abuse this to disclose sensitive information that could result in remote code execution under the context of the process.
Related
checkpoint_advisories
checkpoint_advisories
HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)
2014-07-21 00:00:00
cvelist
cvelist
CVE-2014-2614
2014-07-07 10:00:00
nvd
nvd
CVE-2014-2614
2014-07-07 11:01:29
securityvulns
securityvulns
[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass
2014-10-16 00:00:00
HP SiteScope authentication bypass
2014-10-16 00:00:00
cve
cve
CVE-2014-2614
2014-07-07 11:01:29
nessus
nessus
HP SiteScope Unspecified Authentication Bypass
2014-07-09 00:00:00
prion
prion
Authentication flaw
2014-07-07 11:01:00
openvas
openvas
HP SiteScope Multiple Unspecified Vulnerabilities
2015-02-23 00:00:00