SB2014041903 - Multiple vulnerabilities in HPE Universal Configuration Management Database

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014041903

SB2014041903 - Multiple vulnerabilities in HPE Universal Configuration Management Database

Published: April 19, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014041903
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-2615)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.


2) Input validation error (CVE-ID: CVE-2014-2616)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.


3) Input validation error (CVE-ID: CVE-2014-2617)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.


4) Input validation error (CVE-ID: CVE-2013-6215)

The vulnerability allows a remote #AU# to execute arbitrary code.

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.


5) Input validation error (CVE-ID: CVE-2013-6214)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.


Remediation

Install update from vendor's website.

References