Remote File Read Vulnerability in HP Network Virtualization
CVE-2015-2121

Currently unrated

Key Information:

Vendor: HP
Status: Network Virtualization
Vendor: CVE Published:; 25 May 2015

Summary

HP Network Virtualization for LoadRunner and Performance Center versions 8.61 and 11.52 are susceptible to a vulnerability that allows remote attackers to read arbitrarily designated files. This flaw can be exploited by crafting specific filenames in URLs, impacting the HttpServlet or NetworkEditorController components. Consequently, unauthorized access to sensitive files may occur, posing significant security risks for organizations utilizing these products.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://zerodayinitiative.com/advisories/ZDI-15-192/

x_refsource_MISC

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
May 25, 2015
Vulnerability Reserved
Feb 27, 2015