CVE-2015-2121

Name of the Vulnerable Software and Affected Versions HP Network Virtualization for LoadRunner and Performance Center versions 8.61 and 11.52

Description The issue allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component. This can be exploited by a remote attacker to access sensitive information.

Recommendations For versions 8.61 and 11.52, consider restricting access to the HttpServlet and NetworkEditorController components until a patch is available. As a temporary workaround, avoid using specially crafted URLs that could exploit this issue in the affected components. At the moment, there is no information about a newer version that contains a fix for this vulnerability.