Authentication Bypass Vulnerability in HP Executive Scorecard
CVE-2014-2609

Currently unrated

Key Information:

Vendor: HP
Status: Executive Scorecard
Vendor: CVE Published:; 19 June 2014

What is CVE-2014-2609?

The Java Glassfish Admin Console in HP Executive Scorecard versions 9.40 and 9.41 is susceptible to an authentication bypass vulnerability. This flaw permits remote attackers to exploit an unauthenticated session on TCP port 10001, effectively allowing them to execute arbitrary code on affected systems. Organizations using these versions should review security practices and apply necessary updates to mitigate potential risks.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://secunia.com/advisories/59363

third-party-advisoryx_refsource_SECUNIA

http://zerodayinitiative.com/advisories/ZDI-14-208/

x_refsource_MISC

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2014
Vulnerability Reserved
Mar 24, 2014