Vulnerability Details : CVE-2014-2634
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.
Vulnerability category: Denial of service
Products affected by CVE-2014-2634
- cpe:2.3:a:hp:service_manager:9.21:*:*:*:*:*:*:*
- cpe:2.3:a:hp:service_manager:9.30:*:*:*:*:*:*:*
- cpe:2.3:a:hp:service_manager:9.31:*:*:*:*:*:*:*
- cpe:2.3:a:hp:service_manager:9.32:*:*:*:*:*:*:*
- cpe:2.3:a:hp:service_manager:9.33:*:*:*:*:*:*:*
- cpe:2.3:a:hp:service_manager:7.21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2634
- 1.45%: Probability of exploitation activity in the next 30 days
- ~ 86%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.4 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:C | 10.0 | 9.2 | NIST | |
References for CVE-2014-2634
- http://www.securityfocus.com/bid/69379
  HP Service Manager CVE-2014-2634 Unspecified Remote Unauthorized Access Vulnerability
- http://www.securitytracker.com/id/1030756
  HP Service Manager Bugs Let Remote Users Gain Elevated Privileges, Modify Data, and Deny Service and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks - SecurityTracker
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95450
  HP Service Manager SM Server unauthorized access CVE-2014-2634 Vulnerability Report