Vulnerability Details : CVE-2014-2609
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
Vulnerability category: Execute code, Bypass, Gain privilege
Products affected by CVE-2014-2609
- cpe:2.3:a:hp:executive_scorecard:9.40:*:*:*:*:*:*:*
- cpe:2.3:a:hp:executive_scorecard:9.41:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2609
- 57.18%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-2609
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2609
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295
  HP Support for Technical Help and Troubleshooting | HP® Customer Service. Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-14-208/
  ZDI-14-208 | Zero Day Initiative
- http://www.securityfocus.com/bid/68093
  HP Executive Scorecard Multiple Unspecified Remote Code Execution Vulnerabilities
- http://www.securitytracker.com/id/1030439
  HP IT Executive Scorecard Bugs Let Remote Users Traverse the Directory and Execute Arbitrary Code - SecurityTracker