- Home
- CVEs with nessus.description==The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities :
- A cryptographic weakness exists in the ss_pu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose potentially sensitive information, such as user credentials in configuration files. (CVE-2017-8949)
- A cryptographic weakness exists in the ss_pu.jar library due to the use of risky or broken cryptographic algorithms. A local attacker can exploit this to disclose potentially sensitive information, such as user credentials in configuration files. (CVE-2017-8950)
- An information disclosure vulnerability exists due to credentials stored in Credential Profiles being passed in cleartext over HTTP to the client. A local attacker can exploit this to disclose sensitive information.
(CVE-2017-8951)
- A remote code execution vulnerability exists due to improper authentication of users before allowing file access when handling SOAP calls to the SiteScope service. An unauthenticated, remote attacker can exploit this to perform unauthorized actions, such as the disclosure of arbitrary files or the execution of arbitrary code. (CVE-2017-8952)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top