Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-14349

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

Published

2017-09-30T01:29:01.443

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	sitescope	11.20	Yes
Application	hp	sitescope	11.21	Yes
Application	hp	sitescope	11.22	Yes
Application	hp	sitescope	11.23	Yes
Application	hp	sitescope	11.24	Yes
Application	hp	sitescope	11.24.391	Yes
Application	hp	sitescope	11.30	Yes
Application	hp	sitescope	11.30.521	Yes
Application	hp	sitescope	11.31	Yes
Application	hp	sitescope	11.32	Yes
Application	hp	sitescope	11.33	Yes

References

http://www.securityfocus.com/bid/100989 ([email protected])
https://softwaresupport.hpe.com/km/KM02948051 ([email protected])
https://www.auscert.org.au/bulletins/52758 ([email protected])
http://www.securityfocus.com/bid/100989 (af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.hpe.com/km/KM02948051 (af854a3a-2127-422b-91ae-364da2661108)
https://www.auscert.org.au/bulletins/52758 (af854a3a-2127-422b-91ae-364da2661108)