Vulnerability Details : CVE-2015-2802
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2015-2802
- cpe:2.3:a:hp:sitescope:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sitescope:11.30:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager_cloudsystem_chargeback:9.40:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.30:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.31:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.32:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.40:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.41:*:*:*:*:*:*:*
- cpe:2.3:a:hp:asset_manager:9.50:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2802
0.55%: probability of exploitation activity in the next 30 days
~77%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2015-2802
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2802
- http://marc.info/?l=bugtraq&m=143455780010289&w=2
  '[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information' - MARC (Mailing List; Third Party Advisory)
- https://packetstormsecurity.com/files/cve/CVE-2015-2802
  CVE-2015-2802 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- http://marc.info/?l=bugtraq&m=143629738517220&w=2
  '[security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information' - MARC (Mailing List; Third Party Advisory)
- https://securitytracker.com/id/1032599
  HP SiteScope TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/75258
  HP SiteScope Remote Unspecified Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)