PT-2014-4813 · Hewlett Packard+1 · Hp Executive Scorecard+1

Published

2014-06-18

Updated

2014-06-26

CVE-2014-2609

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP Executive Scorecard versions 9.40 through 9.41

Description The Java Glassfish Admin Console does not require authentication, allowing remote attackers to execute arbitrary code via a session on TCP port 10001.

Recommendations For versions 9.40 and 9.41, restrict access to TCP port 10001 to minimize the risk of exploitation. As a temporary workaround, consider disabling the Java Glassfish Admin Console until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-2609

ZDI-14-208

Affected Products

Hp Executive Scorecard

Java Glassfish Admin Console

PT-2014-4813 · Hewlett Packard+1 · Hp Executive Scorecard+1

CVE-2014-2609

Weakness Enumeration

Related Identifiers

Affected Products

References · 7