PT-2017-3008 · Hewlett Packard · Hp Sitescope

Published

2017-09-21

Updated

2019-10-03

CVE-2017-14349

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE SiteScope versions 11.2x through 11.3x

Description The issue is related to inadequate access control in the HPE SiteScope product, allowing read-only accounts to view all SiteScope interfaces and monitors. This could potentially expose sensitive data. An attacker with remote access and read-only privileges may exploit this to view all interfaces and monitors, disclosing confidential information.

Recommendations For HPE SiteScope versions 11.2x through 11.3x, consider restricting access to sensitive data and monitors to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200CWE-269

Related Identifiers

BDU:2017-02361

CVE-2017-14349

Affected Products

Hp Sitescope

PT-2017-3008 · Hewlett Packard · Hp Sitescope

CVE-2017-14349

Weakness Enumeration

Related Identifiers

Affected Products

References · 6