SB2023032903 - Multiple vulnerabilities in HP Operations Manager for Windows
Published: March 29, 2023
Security Bulletin ID
SB2023032903
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Man-in-the-middle attack (CVE-ID: CVE-2015-4000)
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
2) Information disclosure (CVE-ID: CVE-2015-2808)
The vulnerability allows a remote attacker to obtain potentially sensitive information communicated by target system.The vulnerability exists due to access control error. A remote unauthenticated attacker can obtain RC4 encrypted data and conduct a brute-force key guessing attack by monitoring TLS network traffic.
Successful exploitation of this vulnerability may result in disclosure of system information.
Remediation
Install update from vendor's website.