Authentication Vulnerability in HPE SiteScope Product
CVE-2017-14349

9.8CRITICAL

Key Information:

Vendor: HP
Status: Sitescope
Vendor: CVE Published:; 30 September 2017

🔔 Create HP Vulnerability Alert

What is CVE-2017-14349?

A security flaw exists in HPE SiteScope versions 11.2x and 11.3x that permits read-only user accounts to access all SiteScope interfaces and monitors. This vulnerability may lead to the unauthorized exposure of sensitive data, compromising the security and integrity of the monitored systems.

References

https://www.auscert.org.au/bulletins/52758

third-party-advisoryx_refsource_AUSCERT

https://softwaresupport.hpe.com/km/KM02948051

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100989

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Sep 12, 2017

.

CVE-2017-14349 : Authentication Vulnerability in HPE SiteScope Product