CVE-2014-2611

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/59363	Third Party Advisory
http://www.securityfocus.com/bid/68093	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030439	Third Party Advisory VDB Entry
http://zerodayinitiative.com/advisories/ZDI-14-210/	Third Party Advisory VDB Entry
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:executive_scorecard:9.40:::::::*
	cpe:2.3:a:hp:executive_scorecard:9.41:::::::*

History

No history.

Information

Published : 2014-06-19 10:50

Updated : 2019-10-09 23:10

NVD link : CVE-2014-2611

Mitre link : CVE-2014-2611

CVE.ORG link : CVE-2014-2611

JSON object : View

Products Affected

hp

executive_scorecard

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-2611", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-19T10:50:04.270", "references": [{"url": "http://secunia.com/advisories/59363", "tags": ["Third Party Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/68093", "tags": ["Third Party Advisory", "VDB Entry"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id/1030439", "tags": ["Third Party Advisory", "VDB Entry"], "source": "hp-security-alert@hp.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-14-210/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n web fndwar en HP Executive Scorecard 9.40 y 9.41 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario, o obtener informaci\u00f3n sensible o eliminar datos, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como ZDI-CAN-2120."}], "lastModified": "2019-10-09T23:10:13.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:executive_scorecard:9.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889B3BF4-4F13-4712-87C7-2D369E085DCD"}, {"criteria": "cpe:2.3:a:hp:executive_scorecard:9.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDF9E6D5-E8ED-48E8-B92A-2D5F4923BC27"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}