PT-2017-3008 · Hewlett Packard · Hp Sitescope

Publicado

2017-09-21

Atualizado

2019-10-03

CVE-2017-14349

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE SiteScope versions 11.2x through 11.3x

Description The issue is related to inadequate access control in the HPE SiteScope product, allowing read-only accounts to view all SiteScope interfaces and monitors. This could potentially expose sensitive data. An attacker with remote access and read-only privileges may exploit this to view all interfaces and monitors, disclosing confidential information.

Recommendations For HPE SiteScope versions 11.2x through 11.3x, consider restricting access to sensitive data and monitors to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-200CWE-269

Identificadores relacionados

BDU:2017-02361

CVE-2017-14349

Produtos afetados

Hp Sitescope

PT-2017-3008 · Hewlett Packard · Hp Sitescope

CVE-2017-14349

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6