Cross-Site Scripting Vulnerability in HP Operations Agent from HP
CVE-2014-2647

Currently unrated

Key Information:

Vendor: HP
Status: Operations Agent
Vendor: CVE Published:; 19 October 2014

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-2647?

A cross-site scripting vulnerability exists in HP Operations Agent, part of HP Operations Manager, which could allow remote attackers to inject arbitrary web scripts or HTML through unspecified vectors. This flaw can be exploited to compromise the integrity and confidentiality of the user interface, potentially leading to unauthorized actions performed on behalf of unsuspecting users.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-2647 - Proof of Concept

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.exploit-db.com/exploits/35076

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 19, 2014
👾
Exploit known to exist
Oct 19, 2014
Vulnerability published
Oct 19, 2014
Vulnerability Reserved
Mar 24, 2014

CVE-2014-2647 Data

JSON