Информационная безопасность
[RU] switch to English


Уязвимости безопасности в HP Software Executive Scorecard
Опубликовано:19 июня 2014 г.
Источник:
SecurityVulns ID:13851
Тип:удаленная
Уровень опасности:
5/10
Описание:Выполнение кода, обратный путь в каталогах.
Затронутые продукты:HP : HP Executive Scorecard 9.41
CVE:CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.)
 CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.)
 CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal (19.06.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород