PT-2015-1373 · Hewlett Packard · Hp Nonstop Safeguard Security

Published

2015-05-25

Updated

2016-12-03

CVE-2015-2123

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP NonStop Safeguard Security Software versions H06.x, L15.02, and J06.x through J06.18

Description The issue is related to insufficient access control for certain functions, which can be exploited by a remote attacker to gain elevated privileges using advanced access control features.

Recommendations For versions H06.x, consider restricting access to advanced access control features until a fix is available. For version L15.02, restrict the use of Expand access functionality to minimize the risk of exploitation. For versions J06.x through J06.18, avoid using the Expand access feature in the affected software until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2015-10466

CVE-2015-2123

Affected Products

Hp Nonstop Safeguard Security

PT-2015-1373 · Hewlett Packard · Hp Nonstop Safeguard Security

CVE-2015-2123

Weakness Enumeration

Related Identifiers

Affected Products

References · 4