Vulnerability Details : CVE-2015-6857
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
Vulnerability category: Execute code
Products affected by CVE-2015-6857
- cpe:2.3:a:hp:loadrunner:11.52:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:12.00:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:12.01:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:12.02:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:12.50:*:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6857
20.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6857
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2015-6857
-
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820
HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code ExecutionVendor Advisory
-
http://www.securityfocus.com/bid/77946
HP LoadRunner Virtual Table Server CVE-2015-6857 Local Code Execution Vulnerability
-
http://www.securitytracker.com/id/1034259
HP LoadRunner Virtual Table Server Unspecified Bug Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker
-
http://www.zerodayinitiative.com/advisories/ZDI-15-581
ZDI-15-581 | Zero Day Initiative
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374
HPSBGN03525 rev.3 - HP Performance Center Virtual Table Server, Remote Code ExecutionVendor Advisory
Jump to