Authentication Vulnerability in HPE SiteScope Product
CVE-2017-14349

9.8CRITICAL

Key Information:

Vendor

HP
Status
Sitescope
Vendor
CVE Published:
30 September 2017

What is CVE-2017-14349?

A security flaw exists in HPE SiteScope versions 11.2x and 11.3x that permits read-only user accounts to access all SiteScope interfaces and monitors. This vulnerability may lead to the unauthorized exposure of sensitive data, compromising the security and integrity of the monitored systems.

References

https://www.auscert.org.au/bulletins/52758
third-party-advisoryx_refsource_AUSCERT
https://softwaresupport.hpe.com/km/KM02948051
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100989
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.