CVE-2014-2609

Currently unrated

Key Information:

Vendor: HP
Status: Executive Scorecard
Vendor: CVE Published:; 19 June 2014

Summary

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://secunia.com/advisories/59363

third-party-advisoryx_refsource_SECUNIA

http://zerodayinitiative.com/advisories/ZDI-14-208/

x_refsource_MISC

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 19, 2014
Vulnerability Reserved
Mar 24, 2014