CVE-2014-2609

Name of the Vulnerable Software and Affected Versions HP Executive Scorecard versions 9.40 through 9.41

Description The Java Glassfish Admin Console does not require authentication, allowing remote attackers to execute arbitrary code via a session on TCP port 10001.

Recommendations For versions 9.40 and 9.41, restrict access to TCP port 10001 to minimize the risk of exploitation. As a temporary workaround, consider disabling the Java Glassfish Admin Console until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.