8.7 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:P/A:C
0.902 High
EPSS
Percentile
98.8%
This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. A remote attacker can leverage this vulnerability to escalate privileges from the user to administrator role.