Vulnerabilites related to hp - loadrunner
Vulnerability from fkie_nvd
Published
2014-04-19 04:49
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 | |
| hp | loadrunner | 11.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1CBFD6-27CF-4C2A-82ED-8541081577F9",
"versionEndIncluding": "11.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.51:*:*:*:*:*:*:*",
"matchCriteriaId": "4703296E-854E-40AA-A6F6-CD1787D37FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Virtual User Generator en HP LoadRunner anterior a 11.52 Patch 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como ZDI-CAN-1833."
}
],
"id": "CVE-2013-6213",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-19T04:49:24.740",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 22:29
Modified
2024-11-21 03:35
Severity ?
Summary
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://www.securitytracker.com/id/1038867 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | http://www.securitytracker.com/id/1038868 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038867 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038868 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | performance_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0458950F-9181-4A1A-8CEF-E41425A347AA",
"versionEndIncluding": "12.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1D654F-0D62-46CB-BEBC-3BB68A097FF4",
"versionEndIncluding": "12.53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) remoto en HPE LoadRunner en versiones v12.53 y anteriores y en HPE Performance Center en versiones v12.53 y anteriores."
}
],
"id": "CVE-2017-8953",
"lastModified": "2024-11-21T03:35:03.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T22:29:08.077",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038867"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038868"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 22:29
Modified
2024-11-21 02:59
Severity ?
Summary
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | - | |
| hp | performance_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414E265C-F338-4791-A36B-7684838BDC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019D99EA-89BE-478B-B9A1-ECEFD1C90623",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en todas las versiones de HPE LoadRunner and Performance Center."
}
],
"id": "CVE-2016-8512",
"lastModified": "2024-11-21T02:59:30.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T22:29:00.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-02 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A48CF3-5D85-41E7-83A6-10E92641D2F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en HP LoadRunner permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda dle demonio) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero .usr (tambi\u00e9n conocido como secuencia de comandos de usuario Virtual) con directivas demasiado largas."
}
],
"id": "CVE-2011-2328",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-02T20:55:03.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987308"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48073"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-26 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | 11.52 | |
| hp | loadrunner | 12.00 | |
| hp | loadrunner | 12.01 | |
| hp | loadrunner | 12.02 | |
| hp | loadrunner | 12.50 | |
| hp | performance_center | 11.52 | |
| hp | performance_center | 12.00 | |
| hp | performance_center | 12.01 | |
| hp | performance_center | 12.20 | |
| hp | performance_center | 12.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.52:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B837F9-5DFF-4A70-B37C-884606588B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E94489-CB38-41D9-B32A-1D1604603FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.01:*:*:*:*:*:*:*",
"matchCriteriaId": "713F0521-EAF2-461D-988F-495D4118263F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0F7240-AF85-44DA-BDFC-2F252FBCB70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.50:*:*:*:*:*:*:*",
"matchCriteriaId": "D1911106-CA9E-421F-94AB-27B33378129B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Virtual Table Server (VTS) en HP LoadRunner 11.52, 12.00, 12.01, 12.02 y 12.50 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocida como ZDI-CAN-3138."
}
],
"id": "CVE-2015-6857",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-26T03:59:02.053",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/77946"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034259"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-581"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-04 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Virtual User Generator de HP LoadRunner antes 11.52 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como ZDI-CAN-1832."
}
],
"id": "CVE-2013-4837",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-04T16:55:04.920",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-27 22:46
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| groove | virtual_office | * | |
| hp | loadrunner | * | |
| persits | xupload | 2.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:groove:virtual_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8FD2C0-BE34-46B2-BEAA-6D556BF0655F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A48CF3-5D85-41E7-83A6-10E92641D2F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:persits:xupload:2.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "425A282C-85D0-4BF4-8514-9BCD0740B346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX XUpload.ocx de Persits Software XUpload 2.1.0.1, y probablemente versiones anteriores a 3.0, tal y como se usa en HP Mercury LoadRunner y Groove Virtual Office, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento largo en la funci\u00f3n AddFolder."
}
],
"id": "CVE-2007-6530",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-27T22:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119863639428564\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39901"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28145"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28218"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27025"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019147"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119863639428564\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | 11.52 | |
| hp | loadrunner | 12.00 | |
| hp | loadrunner | 12.01 | |
| hp | loadrunner | 12.02 | |
| hp | loadrunner | 12.50 | |
| hp | performance_center | 11.52 | |
| hp | performance_center | 12.00 | |
| hp | performance_center | 12.01 | |
| hp | performance_center | 12.20 | |
| hp | performance_center | 12.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "EA41E4F9-3325-4665-A433-BDAA02621F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "58DEE82F-A703-4F0D-96D4-47E6DEC473BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "5B9BA232-B8DD-4EC9-991F-06E73774A156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7226CD8-1528-4C5B-825D-2569D025808C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "8FBCB098-3822-4C54-AA84-7C7E5751B929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en el agente mchan.dll en HPE LoadRunner 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.02 hasta el parche 2 y 12.50 hasta el parche 3 y Performance Center 11.52hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.20 hasta el parche 2 y 12.50 hasta el parche 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor long -server_name, tambi\u00e9n conocido como ZDI-CAN-3516."
}
],
"id": "CVE-2016-4359",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T14:59:37.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1690."
}
],
"id": "CVE-2013-4797",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.237",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/95641"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61444"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85957"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| persits | xupload | 2.0 | |
| hp | loadrunner | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F151EAF-714D-4E3E-BBCF-26D416865D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11C140E6-D09F-4B81-A1E0-F7661855FC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el control Vulnerabilidad de salto de directorio en (XUpload.ocx) en HP LoadRunner v9.5 permite a atacantes remotos crear archivos a su elecci\u00f3n a trav\u00e9s de la secuencia \\.. (barra invertida punto punto) en el tercer argumento en el m\u00e9todo MakeHttpRequest."
}
],
"id": "CVE-2009-3693",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36898"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-18 18:03
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | 9.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP LoadRunner v9.52 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de tr\u00e1fico de red al puerto TCP 5001 o 5002, relacionado con la caracter\u00edstica HttpTunnel."
}
],
"id": "CVE-2011-0272",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-18T18:03:08.317",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/70432"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42898"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://securitytracker.com/id?1024956"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/45792"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0095"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64659"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-21 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | performance_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:p2:*:*:*:*:*:*",
"matchCriteriaId": "C6C8B154-A7EA-48FA-BB0E-22858F9DA602",
"versionEndIncluding": "12.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:*:p2:*:*:*:*:*:*",
"matchCriteriaId": "A2A7FCC9-E09C-425D-90B2-024EB1D39BFC",
"versionEndIncluding": "12.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "HPE Performance Center en versiones anteriores a 12.50 y LoadRunner en versiones anteriores a 12.50 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4384",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-21T02:59:11.210",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/93069"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036859"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-26"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1734."
}
],
"id": "CVE-2013-4799",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.290",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/95643"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61442"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85959"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-07 18:24
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 7.0 | |
| hp | loadrunner | 7.02 | |
| hp | loadrunner | 7.5 | |
| hp | loadrunner | 7.6 | |
| hp | loadrunner | 7.8 | |
| hp | loadrunner | 7.51 | |
| hp | loadrunner | 8.0 | |
| hp | loadrunner | 8.12 | |
| hp | loadrunner | 8.13 | |
| hp | loadrunner | 8.14 | |
| hp | loadrunner | 9.0 | |
| hp | performance_center | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1608B33-23D9-4B30-A471-06F1849301AF",
"versionEndIncluding": "9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30344845-9DAE-4E51-8E27-6B650A4EE126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B37BBFD8-81BE-4F9C-A0A5-0BEC7FA46A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "476FC1E3-5BD5-4271-92FB-F017AD0CA5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "09133BB4-E5EB-4084-BDA4-39732EC74DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD409D2-9A27-46C5-8368-D530A8155BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.51:*:*:*:*:*:*:*",
"matchCriteriaId": "B05A91C3-0B55-4DE3-B9FD-0CCE06545360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6792A07-8328-439E-BBF2-140B18A1D4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38BCA1BE-9D4C-4381-A2FC-36181A17787F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D59A2E8F-ED38-475E-9FAB-1B445C2ED141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6B18ACBD-11AA-4020-8D2E-B8C07DFA3D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8348EAB4-C5F8-49C6-8671-2F1002BBF4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5A034-4D39-4683-966F-5A30884584F9",
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en el Agente en LoadRunner de HP anterior a versi\u00f3n 9.50 y Performance Center de HP anterior a versi\u00f3n 9.50, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores desconocidos."
}
],
"id": "CVE-2010-1549",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-07T18:24:15.953",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://www.exploit-db.com/exploits/43411/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/43411/"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-04 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Virtual User Generator de HP LoadRunner antes 11.52 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como ZDI-CAN-1850."
}
],
"id": "CVE-2013-4838",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-04T16:55:04.950",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | performance_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0458950F-9181-4A1A-8CEF-E41425A347AA",
"versionEndIncluding": "12.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1D654F-0D62-46CB-BEBC-3BB68A097FF4",
"versionEndIncluding": "12.53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow."
},
{
"lang": "es",
"value": "HPE LoadRunner en versiones anteriores a la 12.53 parche 4 y HPE Performance Center en versiones anteriores a la 12.53 parche 4 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante vectores no especificados. Al menos en LoadRunner, esto es un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) de libxdrutil.dll mxdr_string."
}
],
"id": "CVE-2017-5789",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T21:29:00.213",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101224"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96774"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038028"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038029"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2017-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2017-13"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1669."
}
],
"id": "CVE-2013-2368",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.167",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1671."
}
],
"id": "CVE-2013-2370",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.223",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1736."
}
],
"id": "CVE-2013-4801",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.313",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/95645"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61445"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85961"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1705."
}
],
"id": "CVE-2013-4798",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.263",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/95642"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61443"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-16 02:00
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5DCACD-D879-4707-B40A-C40606DB35AB",
"versionEndIncluding": "12.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP LoadRunner Controller en versiones anteriores a 12.50, permite a usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocida como ZDI-CAN-2756."
}
],
"id": "CVE-2015-5426",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-16T02:00:07.617",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id/1033561"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-408"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | 11.52 | |
| hp | loadrunner | 12.00 | |
| hp | loadrunner | 12.01 | |
| hp | loadrunner | 12.02 | |
| hp | loadrunner | 12.50 | |
| hp | performance_center | 11.52 | |
| hp | performance_center | 12.00 | |
| hp | performance_center | 12.01 | |
| hp | performance_center | 12.20 | |
| hp | performance_center | 12.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "EA41E4F9-3325-4665-A433-BDAA02621F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "58DEE82F-A703-4F0D-96D4-47E6DEC473BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "5B9BA232-B8DD-4EC9-991F-06E73774A156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7226CD8-1528-4C5B-825D-2569D025808C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*",
"matchCriteriaId": "7772F623-E8AD-41A1-B5E2-F507FB7F413B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."
},
{
"lang": "es",
"value": "web/admin/data.js en el componente Performance Center Virtual Table Server (VTS) en HPE LoadRunner 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.02 hasta el parche 2 y 12.50 hasta el parche 3 y Performance Center 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.20 hasta el parche 2 y 12.50 hasta el parche 1 no restringe rutas de archivo enviadas a un llamada desvinculada, lo que permite a atacantes remotos borrar archivos arbitrarios a trav\u00e9s del par\u00e1metro de ruta a data/import_csv, tambi\u00e9n conocido como ZDI-CAN-3555."
}
],
"id": "CVE-2016-4360",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T14:59:42.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2016-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-17"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-04 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Virtual User Generator de HP LoadRunner anterior a 11.52 que permite a atacantes remotos obtener informaci\u00f3n sensible, modificar datos o provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como ZDI-CAN-1851."
}
],
"id": "CVE-2013-4839",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-04T16:55:04.983",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | performance_center | 11.52 | |
| hp | performance_center | 12.00 | |
| hp | performance_center | 12.01 | |
| hp | performance_center | 12.20 | |
| hp | performance_center | 12.50 | |
| hp | loadrunner | 11.52 | |
| hp | loadrunner | 12.00 | |
| hp | loadrunner | 12.01 | |
| hp | loadrunner | 12.02 | |
| hp | loadrunner | 12.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "4BACEBCB-93A4-4C8C-90DD-3D233BF9B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "27EAC034-46D2-41A8-A3F5-7ABDCC7E9457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "B0DEA9F8-EF3D-4C7F-B6B9-F9A33341E9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7FCF452-A5B1-4CB5-BD02-785670A04E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "235AB949-A179-48FC-BFAA-7796578E430D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*",
"matchCriteriaId": "EA41E4F9-3325-4665-A433-BDAA02621F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*",
"matchCriteriaId": "58DEE82F-A703-4F0D-96D4-47E6DEC473BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*",
"matchCriteriaId": "5B9BA232-B8DD-4EC9-991F-06E73774A156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*",
"matchCriteriaId": "F7226CD8-1528-4C5B-825D-2569D025808C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:12.50:p1:*:*:*:*:*:*",
"matchCriteriaId": "8FBCB098-3822-4C54-AA84-7C7E5751B929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "HPE LoadRunner 11.52 hasta la versi\u00f3n patch 3, 12.00 hasta la versi\u00f3n patch 1, 12.01 hasta la versi\u00f3n patch 3, 12.02 hasta la versi\u00f3n patch 2 y 12.50 hasta la versi\u00f3n patch 3 and Performance Center 11.52 hasta la versi\u00f3n patch 3, 12.00 hasta la versi\u00f3n patch 1, 12.01 hasta la versi\u00f3n patch 3, 12.20 hasta la versi\u00f3n patch 2 y 12.50 hasta la versi\u00f3n patch 1 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4361",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T14:59:46.487",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-26"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1670."
}
],
"id": "CVE-2013-2369",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.197",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | * | |
| hp | loadrunner | 9.0.0 | |
| hp | loadrunner | 9.50.0 | |
| hp | loadrunner | 9.51 | |
| hp | loadrunner | 9.52 | |
| hp | loadrunner | 11.0.0.0 | |
| hp | loadrunner | 11.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA7236-36E7-492B-AA2B-BA5A13B6A9F5",
"versionEndIncluding": "11.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53CE3772-07F9-4D93-A00C-460539B09421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3DB6B7-405D-4925-9BB3-3E14247886C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "41BD0892-484B-4A86-83AF-09AEB62A67A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*",
"matchCriteriaId": "77B188D2-A07C-427E-BDFB-DB95655CD87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34A09069-BD15-4DBD-BB9E-CD411974708E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*",
"matchCriteriaId": "788E6444-45F2-40B5-8C4C-8A68E42AC5E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en HP LoadRunner antes de 11.52, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. Aka ZDI-CAN-1735."
}
],
"id": "CVE-2013-4800",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-29T13:59:14.300",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/95644"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://packetstormsecurity.com/files/123533"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61446"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/123533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner | 11.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:11.52:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B837F9-5DFF-4A70-B37C-884606588B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en HP LoadRunner 11.52 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-2110",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T17:59:00.093",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-28 20:00
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | loadrunner_web_tours | 9.10 | |
| hp | loadrunner | * | |
| hp | loadrunner | 7.0 | |
| hp | loadrunner | 7.02 | |
| hp | loadrunner | 7.5 | |
| hp | loadrunner | 7.6 | |
| hp | loadrunner | 7.8 | |
| hp | loadrunner | 7.51 | |
| hp | loadrunner | 8.0 | |
| hp | loadrunner | 8.12 | |
| hp | loadrunner | 8.13 | |
| hp | loadrunner | 8.14 | |
| hp | loadrunner | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner_web_tours:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C2930314-CA86-4ABA-B56F-27FF3DD72C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "830D72C6-86BC-40AC-A02E-DD932CBD24CD",
"versionEndIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30344845-9DAE-4E51-8E27-6B650A4EE126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B37BBFD8-81BE-4F9C-A0A5-0BEC7FA46A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "476FC1E3-5BD5-4271-92FB-F017AD0CA5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "09133BB4-E5EB-4084-BDA4-39732EC74DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD409D2-9A27-46C5-8368-D530A8155BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:7.51:*:*:*:*:*:*:*",
"matchCriteriaId": "B05A91C3-0B55-4DE3-B9FD-0CCE06545360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6792A07-8328-439E-BBF2-140B18A1D4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38BCA1BE-9D4C-4381-A2FC-36181A17787F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D59A2E8F-ED38-475E-9FAB-1B445C2ED141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6B18ACBD-11AA-4020-8D2E-B8C07DFA3D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:loadrunner:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8348EAB4-C5F8-49C6-8671-2F1002BBF4AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en LoadRunner Web Tours v9.10 en HP LoadRunner v9.1 y anteriores permite a los atacantes remotos causar una denegaci\u00f3n de servicio, y posiblemente obtener informaci\u00f3n sensible o modificar datos, a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4028",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-28T20:00:03.280",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1024657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024657"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-4359 (GCVE-0-2016-4359)
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 00:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/90975 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036006 | vdb-entry, x_refsource_SECTRACK | |
| https://www.tenable.com/security/research/tra-2016-16 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-363 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036006"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-16"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-363",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4359",
"datePublished": "2016-06-08T14:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6213 (GCVE-0-2013-6213)
Vulnerability from cvelistv5
Published
2014-04-19 01:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101357",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-19T01:57:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101357",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-6213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101357",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-6213",
"datePublished": "2014-04-19T01:00:00",
"dateReserved": "2013-10-21T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4798 (GCVE-0-2013-4798)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85958 | vdb-entry, x_refsource_XF | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/95642 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/61443 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101074",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134798-code-exec(85958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95642"
},
{
"name": "61443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101074",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134798-code-exec(85958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95642"
},
{
"name": "61443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101074",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134798-code-exec(85958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95642",
"refsource": "OSVDB",
"url": "http://osvdb.org/95642"
},
{
"name": "61443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4798",
"datePublished": "2013-07-26T18:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6857 (GCVE-0-2015-6857)
Vulnerability from cvelistv5
Published
2015-11-26 02:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-581 | x_refsource_MISC | |
| https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/77946 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034259 | vdb-entry, x_refsource_SECTRACK | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820"
},
{
"name": "77946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77946"
},
{
"name": "1034259",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820"
},
{
"name": "77946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77946"
},
{
"name": "1034259",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-581",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-581"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04900820"
},
{
"name": "77946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77946"
},
{
"name": "1034259",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034259"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6857",
"datePublished": "2015-11-26T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4360 (GCVE-0-2016-4360)
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 00:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/90975 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036006 | vdb-entry, x_refsource_SECTRACK | |
| https://www.tenable.com/security/research/tra-2016-17 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-364 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036006"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-17"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-364",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4360",
"datePublished": "2016-06-08T14:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1549 (GCVE-0-2010-1549)
Vulnerability from cvelistv5
Published
2010-05-07 17:43
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/511146/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/archive/1/511146/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://seclists.org/bugtraq/2010/May/69 | vendor-advisory, x_refsource_HP | |
| http://seclists.org/bugtraq/2010/May/69 | vendor-advisory, x_refsource_HP | |
| https://www.exploit-db.com/exploits/43411/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT071328",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02201",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02528",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "SSRT100106",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "43411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43411/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT071328",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02201",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02528",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "SSRT100106",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "43411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43411/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT071328",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02528",
"refsource": "HP",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "SSRT100106",
"refsource": "HP",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "43411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43411/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-1549",
"datePublished": "2010-05-07T17:43:00",
"dateReserved": "2010-04-26T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2368 (GCVE-0-2013-2368)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-09-16 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101081",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T18:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101081",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101081",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-2368",
"datePublished": "2013-07-26T18:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:08.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2328 (GCVE-0-2011-2328)
Vulnerability from cvelistv5
Published
2011-06-02 20:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/987308 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/48073 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67783 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:32.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#987308",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/987308"
},
{
"name": "48073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48073"
},
{
"name": "loadrunner-virtualuser-bo(67783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#987308",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/987308"
},
{
"name": "48073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48073"
},
{
"name": "loadrunner-virtualuser-bo(67783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#987308",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/987308"
},
{
"name": "48073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48073"
},
{
"name": "loadrunner-virtualuser-bo(67783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2328",
"datePublished": "2011-06-02T20:00:00",
"dateReserved": "2011-06-02T00:00:00",
"dateUpdated": "2024-08-06T23:00:32.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4839 (GCVE-0-2013-4839)
Vulnerability from cvelistv5
Published
2013-11-04 15:00
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:39.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101193",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-04T15:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101193",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101193",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4839",
"datePublished": "2013-11-04T15:00:00Z",
"dateReserved": "2013-07-12T00:00:00Z",
"dateUpdated": "2024-09-16T19:25:07.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4361 (GCVE-0-2016-4361)
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 00:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/90975 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036006 | vdb-entry, x_refsource_SECTRACK | |
| https://www.tenable.com/security/research/tra-2016-26 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"name": "90975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90975"
},
{
"name": "1036006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036006"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4361",
"datePublished": "2016-06-08T14:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6530 (GCVE-0-2007-6530)
Vulnerability from cvelistv5
Published
2007-12-27 22:00
Modified
2024-08-07 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=119863639428564&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2007/4310 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/28205 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1019147 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/28145 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/28218 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/39901 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/27025 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071225 Persits Software XUpload.ocx Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119863639428564\u0026w=2"
},
{
"name": "ADV-2007-4310",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4310"
},
{
"name": "28205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28205"
},
{
"name": "1019147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019147"
},
{
"name": "28145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28145"
},
{
"name": "28218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28218"
},
{
"name": "39901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39901"
},
{
"name": "27025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071225 Persits Software XUpload.ocx Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119863639428564\u0026w=2"
},
{
"name": "ADV-2007-4310",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4310"
},
{
"name": "28205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28205"
},
{
"name": "1019147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019147"
},
{
"name": "28145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28145"
},
{
"name": "28218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28218"
},
{
"name": "39901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39901"
},
{
"name": "27025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071225 Persits Software XUpload.ocx Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=119863639428564\u0026w=2"
},
{
"name": "ADV-2007-4310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4310"
},
{
"name": "28205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28205"
},
{
"name": "1019147",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019147"
},
{
"name": "28145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28145"
},
{
"name": "28218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28218"
},
{
"name": "39901",
"refsource": "OSVDB",
"url": "http://osvdb.org/39901"
},
{
"name": "27025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6530",
"datePublished": "2007-12-27T22:00:00",
"dateReserved": "2007-12-27T00:00:00",
"dateUpdated": "2024-08-07T16:11:05.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4799 (GCVE-0-2013-4799)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61442 | vdb-entry, x_refsource_BID | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85959 | vdb-entry, x_refsource_XF | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/95643 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61442"
},
{
"name": "SSRT101114",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134799-code-exec(85959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85959"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "61442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61442"
},
{
"name": "SSRT101114",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134799-code-exec(85959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85959"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61442"
},
{
"name": "SSRT101114",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134799-code-exec(85959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85959"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "95643",
"refsource": "OSVDB",
"url": "http://osvdb.org/95643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4799",
"datePublished": "2013-07-26T18:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5426 (GCVE-0-2015-5426)
Vulnerability from cvelistv5
Published
2015-09-16 01:00
Modified
2024-08-06 06:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033561 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-408 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147"
},
{
"name": "1033561",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033561"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147"
},
{
"name": "1033561",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033561"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147"
},
{
"name": "1033561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033561"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-408",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-5426",
"datePublished": "2015-09-16T01:00:00",
"dateReserved": "2015-07-07T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4384 (GCVE-0-2016-4384)
Vulnerability from cvelistv5
Published
2016-09-21 01:00
Modified
2024-08-06 00:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036859 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/93069 | vdb-entry, x_refsource_BID | |
| https://www.tenable.com/security/research/tra-2016-26 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1036860 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
},
{
"name": "1036859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036859"
},
{
"name": "93069",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"name": "1036860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
},
{
"name": "1036859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036859"
},
{
"name": "93069",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"name": "1036860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05278882"
},
{
"name": "1036859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036859"
},
{
"name": "93069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93069"
},
{
"name": "https://www.tenable.com/security/research/tra-2016-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"name": "1036860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4384",
"datePublished": "2016-09-21T01:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2370 (GCVE-0-2013-2370)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-09-17 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101083",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T18:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101083",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101083",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-2370",
"datePublished": "2013-07-26T18:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-17T01:00:43.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4801 (GCVE-0-2013-4801)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85961 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/95645 | vdb-entry, x_refsource_OSVDB | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/61445 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101085",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134801-code-exec(85961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85961"
},
{
"name": "95645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95645"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101085",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134801-code-exec(85961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85961"
},
{
"name": "95645",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95645"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101085",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134801-code-exec(85961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85961"
},
{
"name": "95645",
"refsource": "OSVDB",
"url": "http://osvdb.org/95645"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4801",
"datePublished": "2013-07-26T18:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3693 (GCVE-0-2009-3693)
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-09-16 17:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36898 | third-party-advisory, x_refsource_SECUNIA | |
| http://retrogod.altervista.org/9sg_hp_loadrunner.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36898"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-13T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36898"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36898"
},
{
"name": "http://retrogod.altervista.org/9sg_hp_loadrunner.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3693",
"datePublished": "2009-10-13T10:00:00Z",
"dateReserved": "2009-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:32:35.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4028 (GCVE-0-2010-4028)
Vulnerability from cvelistv5
Published
2010-10-28 19:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=128821242731749&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=128821242731749&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1024657 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:36.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBMA02533",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "SSRT080049",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "1024657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-11T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBMA02533",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "SSRT080049",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "1024657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02533",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "SSRT080049",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=128821242731749\u0026w=2"
},
{
"name": "1024657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-4028",
"datePublished": "2010-10-28T19:00:00",
"dateReserved": "2010-10-21T00:00:00",
"dateUpdated": "2024-08-07T03:34:36.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0272 (GCVE-0-2011-0272)
Vulnerability from cvelistv5
Published
2011-01-18 17:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/42898 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64659 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1024956 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/45792 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2011/0095 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/515682 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/70432 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/515682 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42898"
},
{
"name": "loadrunner-unspec-code-execution(64659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64659"
},
{
"name": "1024956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024956"
},
{
"name": "45792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45792"
},
{
"name": "ADV-2011-0095",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0095"
},
{
"name": "SSRT100195",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"name": "70432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70432"
},
{
"name": "HPSBMA02624",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "42898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42898"
},
{
"name": "loadrunner-unspec-code-execution(64659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64659"
},
{
"name": "1024956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024956"
},
{
"name": "45792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45792"
},
{
"name": "ADV-2011-0095",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0095"
},
{
"name": "SSRT100195",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"name": "70432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70432"
},
{
"name": "HPSBMA02624",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/515682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42898"
},
{
"name": "loadrunner-unspec-code-execution(64659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64659"
},
{
"name": "1024956",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024956"
},
{
"name": "45792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45792"
},
{
"name": "ADV-2011-0095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0095"
},
{
"name": "SSRT100195",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/515682"
},
{
"name": "70432",
"refsource": "OSVDB",
"url": "http://osvdb.org/70432"
},
{
"name": "HPSBMA02624",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/515682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-0272",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2010-12-23T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5789 (GCVE-0-2017-5789)
Vulnerability from cvelistv5
Published
2017-10-13 02:00
Modified
2024-08-05 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101224 | vdb-entry, x_refsource_BID | |
| https://www.tenable.com/security/research/tra-2017-13 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-17-160/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1038029 | vdb-entry, x_refsource_SECTRACK | |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96774 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038028 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE LoadRunner and Performance Center |
Version: HPE LoadRunner and Performance Center |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101224",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/"
},
{
"name": "1038029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"name": "96774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96774"
},
{
"name": "1038028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE LoadRunner and Performance Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HPE LoadRunner and Performance Center"
}
]
}
],
"datePublic": "2017-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "101224",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/"
},
{
"name": "1038029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"name": "96774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96774"
},
{
"name": "1038028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2017-5789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE LoadRunner and Performance Center",
"version": {
"version_data": [
{
"version_value": "HPE LoadRunner and Performance Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101224"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-13",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-13"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/"
},
{
"name": "1038029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038029"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"name": "96774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96774"
},
{
"name": "1038028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5789",
"datePublished": "2017-10-13T02:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4797 (GCVE-0-2013-4797)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85957 | vdb-entry, x_refsource_XF | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/61444 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/95641 | vdb-entry, x_refsource_OSVDB | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hp-loadrunner-cve20134797-code-exec(85957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85957"
},
{
"name": "SSRT101084",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61444"
},
{
"name": "95641",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95641"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "hp-loadrunner-cve20134797-code-exec(85957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85957"
},
{
"name": "SSRT101084",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61444"
},
{
"name": "95641",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95641"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-loadrunner-cve20134797-code-exec(85957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85957"
},
{
"name": "SSRT101084",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "61444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61444"
},
{
"name": "95641",
"refsource": "OSVDB",
"url": "http://osvdb.org/95641"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4797",
"datePublished": "2013-07-26T18:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8953 (GCVE-0-2017-8953)
Vulnerability from cvelistv5
Published
2018-02-15 22:00
Modified
2024-09-16 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Cross-Site Scripting (XSS)
Summary
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038868 | vdb-entry, x_refsource_SECTRACK | |
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038867 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | LoadRunner and Performance Center |
Version: v12.53 and earlier, v12.53 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:20.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
},
{
"name": "1038867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LoadRunner and Performance Center",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v12.53 and earlier, v12.53 and earlier"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Cross-Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "1038868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
},
{
"name": "1038867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-8953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LoadRunner and Performance Center",
"version": {
"version_data": [
{
"version_value": "v12.53 and earlier, v12.53 and earlier"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038868"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
},
{
"name": "1038867",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-8953",
"datePublished": "2018-02-15T22:00:00Z",
"dateReserved": "2017-05-15T00:00:00",
"dateUpdated": "2024-09-16T22:15:43.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8512 (GCVE-0-2016-8512)
Vulnerability from cvelistv5
Published
2018-02-15 22:00
Modified
2024-09-16 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | LoadRunner and Performance Center |
Version: All versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LoadRunner and Performance Center",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2016-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T21:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2016-12-13T00:00:00",
"ID": "CVE-2016-8512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LoadRunner and Performance Center",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2016-8512",
"datePublished": "2018-02-15T22:00:00Z",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-09-16T20:22:24.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4800 (GCVE-0-2013-4800)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-08-06 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/123533 | x_refsource_MISC | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85960 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/95644 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/61446 | vdb-entry, x_refsource_BID | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| http://www.zerodayinitiative.com/advisories/ZDI-13-169 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123533"
},
{
"name": "SSRT101117",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134800-code-exec(85960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
},
{
"name": "95644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95644"
},
{
"name": "61446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61446"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123533"
},
{
"name": "SSRT101117",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134800-code-exec(85960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
},
{
"name": "95644",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95644"
},
{
"name": "61446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61446"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123533",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123533"
},
{
"name": "SSRT101117",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "hp-loadrunner-cve20134800-code-exec(85960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
},
{
"name": "95644",
"refsource": "OSVDB",
"url": "http://osvdb.org/95644"
},
{
"name": "61446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61446"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-169",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4800",
"datePublished": "2013-07-26T18:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2110 (GCVE-0-2015-2110)
Vulnerability from cvelistv5
Published
2015-05-25 17:00
Modified
2024-08-06 05:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBGN03286",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"name": "SSRT101319",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T17:57:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBGN03286",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"name": "SSRT101319",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-2110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN03286",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
},
{
"name": "SSRT101319",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-2110",
"datePublished": "2015-05-25T17:00:00",
"dateReserved": "2015-02-27T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2369 (GCVE-0-2013-2369)
Vulnerability from cvelistv5
Published
2013-07-26 18:00
Modified
2024-09-17 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101082",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T18:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101082",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101082",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
},
{
"name": "HPSBGN02905",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-2369",
"datePublished": "2013-07-26T18:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-17T02:05:40.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4838 (GCVE-0-2013-4838)
Vulnerability from cvelistv5
Published
2013-11-04 15:00
Modified
2024-09-16 22:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-04T15:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101192",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4838",
"datePublished": "2013-11-04T15:00:00Z",
"dateReserved": "2013-07-12T00:00:00Z",
"dateUpdated": "2024-09-16T22:31:18.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4837 (GCVE-0-2013-4837)
Vulnerability from cvelistv5
Published
2013-11-04 15:00
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101191",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-04T15:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101191",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101191",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
},
{
"name": "HPSBMU02935",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4837",
"datePublished": "2013-11-04T15:00:00Z",
"dateReserved": "2013-07-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:26:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201511-0043
Vulnerability from variot
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3138 Was numbered.A third party may execute arbitrary code. Authentication is not required to exploit this vulnerability. By providing a connection string and malicious SQL commands to the /data/import_database resource, an attacker is able to execute arbitrary SQL commands against the database. An attacker could use this to modify the database, or execute arbitrary code under the context of NETWORK SERVICE. HP LoadRunner is prone to a local code-execution vulnerability. Failed attempts may lead to denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04907374
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04907374 Version: 1
HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References:
CVE-2015-6857 ZDI-CAN-3138 PSRT110001
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-6857 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following mitigation information available to resolve this vulnerability in the impacted versions of Performance Center.
Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea rch/document/KM01936061
HISTORY Version:1 (rev.1) - 3 December 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2015 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJWYI0xAAoJEGIGBBYqRO9/Rb0H/ifkXXJXIRjPuHgHjKDA42RO mnLZKx2VSPG7agFWs+6KbehGSs/L6OL92OkunjK16mC44FNL4JMAM7YDdrnurzdS 6bG0vYa0/8kzcBjzIPQegzJ6a6EBefMddtfiPI1kp4Z2BWypJhLU+6tl3gq94Wt+ GJmeYxHHdxyY3IEBQIKMaTeTDlnHzOZaUnUXJ/NPpYrrjl6pG8osqB1CvBynPGjH p8wHUwgqcrqcrskF7p6yu+zqF4rMejwffIyB4dqsKyuEJZln0SFyGJDe0s+ZhMvF r7JQ2hYNllXAo60yKewz5gEjcCvm36Ea3i9a5TWm1GycH3yaeAeaQW0w/qT+MRg= =q5qO -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.20"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.02"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "hp loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52"
},
{
"model": "hp loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00"
},
{
"model": "hp loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01"
},
{
"model": "hp loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.02"
},
{
"model": "hp loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6857",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6857",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6857",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6857",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6857",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-429",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3138 Was numbered.A third party may execute arbitrary code. Authentication is not required to exploit this vulnerability. By providing a connection string and malicious SQL commands to the /data/import_database resource, an attacker is able to execute arbitrary SQL commands against the database. An attacker could use this to modify the database, or execute arbitrary code under the context of NETWORK SERVICE. HP LoadRunner is prone to a local code-execution vulnerability. Failed attempts may lead to denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04907374\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04907374\nVersion: 1\n\nHPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code\nExecution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nReferences:\n\nCVE-2015-6857\nZDI-CAN-3138\nPSRT110001\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-6857 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following mitigation information available to resolve this\nvulnerability in the impacted versions of Performance Center. \n\nPlease consult HP Software Support Online (SSO):\n\nhttps://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea\nrch/document/KM01936061\n\nHISTORY\nVersion:1 (rev.1) - 3 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2015 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJWYI0xAAoJEGIGBBYqRO9/Rb0H/ifkXXJXIRjPuHgHjKDA42RO\nmnLZKx2VSPG7agFWs+6KbehGSs/L6OL92OkunjK16mC44FNL4JMAM7YDdrnurzdS\n6bG0vYa0/8kzcBjzIPQegzJ6a6EBefMddtfiPI1kp4Z2BWypJhLU+6tl3gq94Wt+\nGJmeYxHHdxyY3IEBQIKMaTeTDlnHzOZaUnUXJ/NPpYrrjl6pG8osqB1CvBynPGjH\np8wHUwgqcrqcrskF7p6yu+zqF4rMejwffIyB4dqsKyuEJZln0SFyGJDe0s+ZhMvF\nr7JQ2hYNllXAo60yKewz5gEjcCvm36Ea3i9a5TWm1GycH3yaeAeaQW0w/qT+MRg=\n=q5qO\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "BID",
"id": "77946"
},
{
"db": "PACKETSTORM",
"id": "134630"
},
{
"db": "PACKETSTORM",
"id": "134546"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6857",
"trust": 3.6
},
{
"db": "ZDI",
"id": "ZDI-15-581",
"trust": 1.7
},
{
"db": "BID",
"id": "77946",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1034259",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3138",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "134630",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134546",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "BID",
"id": "77946"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "PACKETSTORM",
"id": "134630"
},
{
"db": "PACKETSTORM",
"id": "134546"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"id": "VAR-201511-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35433716
},
"last_update_date": "2024-11-23T22:22:52.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03523",
"trust": 1.5,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04900820"
},
{
"title": "HP LoadRunner Virtual Table Server Fixes for component arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58861"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04900820"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1034259"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04907374"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/77946"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-581"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6857"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6857"
},
{
"trust": 0.7,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04900820"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6857"
},
{
"trust": 0.2,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "PACKETSTORM",
"id": "134630"
},
{
"db": "PACKETSTORM",
"id": "134546"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"db": "BID",
"id": "77946"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"db": "PACKETSTORM",
"id": "134630"
},
{
"db": "PACKETSTORM",
"id": "134546"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"date": "2015-11-24T00:00:00",
"db": "BID",
"id": "77946"
},
{
"date": "2015-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"date": "2015-12-04T15:55:00",
"db": "PACKETSTORM",
"id": "134630"
},
{
"date": "2015-11-27T18:26:14",
"db": "PACKETSTORM",
"id": "134546"
},
{
"date": "2015-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"date": "2015-11-26T03:59:02.053000",
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-581"
},
{
"date": "2015-12-07T22:35:00",
"db": "BID",
"id": "77946"
},
{
"date": "2015-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006034"
},
{
"date": "2015-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-429"
},
{
"date": "2024-11-21T02:35:47.600000",
"db": "NVD",
"id": "CVE-2015-6857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "77946"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-429"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP LoadRunner of Virtual Table Server Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006034"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "77946"
}
],
"trust": 0.3
}
}
var-201606-0401
Vulnerability from variot
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. HPE LoadRunner and Performance Center The data will be changed or service operation will be disturbed (DoS) There are vulnerabilities that are put into a state. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3555 Was numbered.Data is changed or service operation is interrupted by a third party (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability.The specific flaw exists within the import_csv functionality. The issue lies in the failure to restrict file paths sent to an unlink call which allows for the deletion of arbitrary files as SYSTEM. A remote attacker can leverage this vulnerability to cause a denial-of-service condition. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157423
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157423 Version: 1
HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS).
References:
CVE-2016-4359 (PSRT110020, ZDI-CAN-3516) CVE-2016-4360 (PSRT110032, ZDI-CAN-3555) CVE-2016-4361 (SSRT102274)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
http://www.hpe.com/software/updates
Performance Center v11.52, please update to Performance Center v12.53 or later.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8 FWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv 99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843 PBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT Let6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0 KCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo= =Yk9f -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0401",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.20"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.02"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.02 patch 2 for up to 12.02"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 3 for up to 12.50"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.20 patch 2 for up to 12.20"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 1 for up to 12.50"
},
{
"model": "loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "loadrunner \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "loadrunner \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.02,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "loadrunner \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "performance center \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.20,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "performance center \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.50"
}
],
"sources": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-364"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4360",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4360",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03839",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4360",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4360",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4360",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2016-4360",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-03839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. HPE LoadRunner and Performance Center The data will be changed or service operation will be disturbed (DoS) There are vulnerabilities that are put into a state. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3555 Was numbered.Data is changed or service operation is interrupted by a third party (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability.The specific flaw exists within the import_csv functionality. The issue lies in the failure to restrict file paths sent to an unlink call which allows for the deletion of arbitrary files as SYSTEM. A remote attacker can leverage this vulnerability to cause a denial-of-service condition. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157423\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157423\nVersion: 1\n\nHPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code\nExecution, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. These vulnerabilities could be exploited\nremotely to allow code execution, and Denial of Service (DoS). \n\nReferences:\n\nCVE-2016-4359 (PSRT110020, ZDI-CAN-3516)\nCVE-2016-4360 (PSRT110032, ZDI-CAN-3555)\nCVE-2016-4361 (SSRT102274)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nhttp://www.hpe.com/software/updates\n\nPerformance Center v11.52, please update to Performance Center v12.53 or\nlater. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8\nFWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv\n99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843\nPBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT\nLet6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0\nKCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo=\n=Yk9f\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "PACKETSTORM",
"id": "137267"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4360",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-16-364",
"trust": 1.7
},
{
"db": "BID",
"id": "90975",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1036006",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TRA-2016-17",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03839",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3555",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "137267",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1387",
"trust": 0.6
},
{
"db": "IVD",
"id": "1F3EF907-3E05-4D7C-BA07-010C5B733A88",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"id": "VAR-201606-0401",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
}
]
},
"last_update_date": "2024-11-23T22:01:23.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03609",
"trust": 1.5,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"title": "Patch for multiple vulnerabilities (CNVD-2016-03839) in HPE LoadRunner and Performance Center",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76998"
},
{
"title": "HPE LoadRunner and Performance Center Fixes for multiple security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62043"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157423"
},
{
"trust": 1.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157423"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-364"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/research/tra-2016-17"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90975"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1036006"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4360"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4360"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/137267/hp-security-bulletin-hpsbgn03609-1.html"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4359"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/software/updates"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4361"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4360"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "IVD",
"id": "1f3ef907-3e05-4d7c-ba07-010c5b733a88"
},
{
"date": "2016-06-03T00:00:00",
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"date": "2016-06-01T15:47:01",
"db": "PACKETSTORM",
"id": "137267"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"date": "2016-06-08T14:59:42.313000",
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-03T00:00:00",
"db": "ZDI",
"id": "ZDI-16-364"
},
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03839"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003080"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-018"
},
{
"date": "2024-11-21T02:51:56.577000",
"db": "NVD",
"id": "CVE-2016-4360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner and Performance Center Vulnerable to data modification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003080"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-018"
}
],
"trust": 0.6
}
}
var-201505-0144
Vulnerability from variot
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. Authentication is not required to exploit this vulnerability.The specific flaw exists because neither the HttpServlet nor the NetworkEditorController sanitize the URL, and hence the file name, requested. An attacker can use this to read any file on the system under the context of SYSTEM. HP LoadRunner and Performance Center is a new version of software and services designed to help IT organizations improve performance management throughout the application lifecycle. Allows an attacker to exploit this vulnerability for sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04657310
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04657310 Version: 1
HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References:
CVE-2015-2121 (ZDI-CAN-2569, SSRT101932)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Network Virtualization for HP LoadRunner and Performance Center v11.52, v8.61
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-2121 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Aniway.Anyway@gmail.com working with HP's Zero Day Initiative for reporting this issue to security-alert@hp.com.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlVJQ1gACgkQ4B86/C0qfVnCMQCeMTHLHHtTr3Ut1ulcNp9NTYlt ZmEAoKflq7JkSOLjj8iHQ+JgsFTtsoPE =mlT5 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network virtualization",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "network virtualization",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.61"
},
{
"model": "hp network virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52"
},
{
"model": "hp network virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8.61"
},
{
"model": "network virtualization",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "8.61"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "8.61"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network virtualization",
"version": "8.61"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network virtualization",
"version": "11.52"
}
],
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:network_virtualization",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aniway.Anyway@gmail.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-192"
}
],
"trust": 0.7
},
"cve": "CVE-2015-2121",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2121",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-02998",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2121",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2121",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-2121",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-02998",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-085",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. Authentication is not required to exploit this vulnerability.The specific flaw exists because neither the HttpServlet nor the NetworkEditorController sanitize the URL, and hence the file name, requested. An attacker can use this to read any file on the system under the context of SYSTEM. HP LoadRunner and Performance Center is a new version of software and services designed to help IT organizations improve performance management throughout the application lifecycle. Allows an attacker to exploit this vulnerability for sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04657310\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04657310\nVersion: 1\n\nHPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance\nCenter, Remote Information Disclosure\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nReferences:\n\nCVE-2015-2121 (ZDI-CAN-2569, SSRT101932)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nNetwork Virtualization for HP LoadRunner and Performance Center v11.52, v8.61\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-2121 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks Aniway.Anyway@gmail.com working with HP\u0027s\nZero Day Initiative for reporting this issue to security-alert@hp.com. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlVJQ1gACgkQ4B86/C0qfVnCMQCeMTHLHHtTr3Ut1ulcNp9NTYlt\nZmEAoKflq7JkSOLjj8iHQ+JgsFTtsoPE\n=mlT5\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "BID",
"id": "74583"
},
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "PACKETSTORM",
"id": "131848"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2121",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-15-192",
"trust": 2.3
},
{
"db": "BID",
"id": "74583",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2015-02998",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2569",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "64458",
"trust": 0.6
},
{
"db": "IVD",
"id": "52A62BA0-1FD7-4027-972F-E97F629CF187",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131848",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "BID",
"id": "74583"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "PACKETSTORM",
"id": "131848"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"id": "VAR-201505-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
}
]
},
"last_update_date": "2024-11-23T22:08:07.403000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03328 SSRT101932",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04657310"
},
{
"title": "Hewlett-Packard has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04657310"
},
{
"title": "Patch for HP LoadRunner and Performance Center Network Virtualization Remote Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/58316"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/74583"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-15-192/"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04657310"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2121"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2121"
},
{
"trust": 0.7,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c04657310"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/64458"
},
{
"trust": 0.3,
"url": "http://www.hp.com"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2121"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "BID",
"id": "74583"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "PACKETSTORM",
"id": "131848"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"db": "BID",
"id": "74583"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"db": "PACKETSTORM",
"id": "131848"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-13T00:00:00",
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"date": "2015-05-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"date": "2015-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"date": "2015-05-05T00:00:00",
"db": "BID",
"id": "74583"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"date": "2015-05-11T21:24:32",
"db": "PACKETSTORM",
"id": "131848"
},
{
"date": "2015-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"date": "2015-05-25T17:59:02.280000",
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-192"
},
{
"date": "2015-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02998"
},
{
"date": "2015-05-15T00:13:00",
"db": "BID",
"id": "74583"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002805"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-085"
},
{
"date": "2024-11-21T02:26:50.017000",
"db": "NVD",
"id": "CVE-2015-2121"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP LoadRunner and Performance Center Network Virtualization Remote Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "52a62ba0-1fd7-4027-972f-e97f629cf187"
},
{
"db": "CNVD",
"id": "CNVD-2015-02998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-085"
}
],
"trust": 0.6
}
}
var-201606-0400
Vulnerability from variot
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516. HPE LoadRunner and Performance Center Get important information, change data, or disrupt service (DoS) There are vulnerabilities that are put into a state. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3516 Was numbered.A third party obtains important information, changes data, or interferes with service operations. (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability.The specific flaw exists within mchan.dll when constructing a shared memory file name. The issue lies in the failure to validate the size of a user-supplied string prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157423
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157423 Version: 1
HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-05-31 Last Updated: 2016-05-31
Potential Security Impact: Remote Code Execution, Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS).
References:
CVE-2016-4359 (PSRT110020, ZDI-CAN-3516) CVE-2016-4360 (PSRT110032, ZDI-CAN-3555) CVE-2016-4361 (SSRT102274)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
http://www.hpe.com/software/updates
Performance Center v11.52, please update to Performance Center v12.53 or later.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8 FWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv 99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843 PBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT Let6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0 KCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo= =Yk9f -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0400",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.20"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.02"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.02 patch 2 for up to 12.02"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 3 for up to 12.50"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.20 patch 2 for up to 12.20"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 1 for up to 12.50"
},
{
"model": "loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "loadrunner \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "loadrunner \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.02,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "loadrunner \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "performance center \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.20,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "performance center \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.50"
}
],
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-363"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4359",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4359",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4359",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4359",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2016-4359",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-03840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516. HPE LoadRunner and Performance Center Get important information, change data, or disrupt service (DoS) There are vulnerabilities that are put into a state. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-3516 Was numbered.A third party obtains important information, changes data, or interferes with service operations. (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise LoadRunner. Authentication is not required to exploit this vulnerability.The specific flaw exists within mchan.dll when constructing a shared memory file name. The issue lies in the failure to validate the size of a user-supplied string prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157423\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157423\nVersion: 1\n\nHPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code\nExecution, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-05-31\nLast Updated: 2016-05-31\n\nPotential Security Impact: Remote Code Execution, Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nSeveral potential security vulnerabilities have been identified in HPE\nLoadRunner and Performance Center. These vulnerabilities could be exploited\nremotely to allow code execution, and Denial of Service (DoS). \n\nReferences:\n\nCVE-2016-4359 (PSRT110020, ZDI-CAN-3516)\nCVE-2016-4360 (PSRT110032, ZDI-CAN-3555)\nCVE-2016-4361 (SSRT102274)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nhttp://www.hpe.com/software/updates\n\nPerformance Center v11.52, please update to Performance Center v12.53 or\nlater. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8\nFWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv\n99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843\nPBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT\nLet6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0\nKCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo=\n=Yk9f\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4359"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "PACKETSTORM",
"id": "137267"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4359",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-16-363",
"trust": 1.7
},
{
"db": "BID",
"id": "90975",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1036006",
"trust": 1.0
},
{
"db": "TENABLE",
"id": "TRA-2016-16",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3516",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "137267",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1387",
"trust": 0.6
},
{
"db": "IVD",
"id": "68D6EAA9-A4AB-41AD-9636-30D69BCD609F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"id": "VAR-201606-0400",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
}
]
},
"last_update_date": "2024-11-23T22:01:24.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03609",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423"
},
{
"title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"title": "HPE LoadRunner and Performance Center have multiple patches for security vulnerabilities (CNVD-2016-03840)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76999"
},
{
"title": "HPE LoadRunner and Performance Center Fixes for multiple security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62042"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157423"
},
{
"trust": 1.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157423"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/research/tra-2016-16"
},
{
"trust": 1.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-363"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90975"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1036006"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4359"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4359"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/137267/hp-security-bulletin-hpsbgn03609-1.html"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4359"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/software/updates"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4361"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4360"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"date": "2016-06-03T00:00:00",
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"date": "2016-06-01T15:47:01",
"db": "PACKETSTORM",
"id": "137267"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"date": "2016-06-08T14:59:37.797000",
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-03T00:00:00",
"db": "ZDI",
"id": "ZDI-16-363"
},
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03840"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003064"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-017"
},
{
"date": "2024-11-21T02:51:56.433000",
"db": "NVD",
"id": "CVE-2016-4359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner and Performance Center Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003064"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "68d6eaa9-a4ab-41ad-9636-30d69bcd609f"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-017"
}
],
"trust": 0.8
}
}
var-201005-0161
Vulnerability from variot
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted packet will allow unauthenticated users to execute local commands. When a state of 0 or 4 is passed after the parameters, mchan.dll will process the commands on the host. This allows for remote code execution under the context of the SYSTEM user. Successful exploits will result in the complete compromise of affected computers. HP LoadRunner Agent 9.50 is vulnerable; other versions may also be affected. See the 'Configuration' chapter, 'Recommended Configuration' section. ----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
PROVIDED AND/OR DISCOVERED BY: Tenable Network Security, reported via ZDI.
ORIGINAL ADVISORY: HP (HPSBMA02201 SSRT071328): https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912968
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-080/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-080 May 6, 2010
-- CVE ID: CVE-2010-1549
-- Affected Vendors: Hewlett-Packard
-- Affected Products: Hewlett-Packard LoadRunner
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5356. Authentication is not required to exploit this vulnerability.
-- Vendor Response: Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00912968
-- Disclosure Timeline: 2007-03-19 - Vulnerability reported to vendor 2010-05-06 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Tenable Network Security
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00912968 Version: 1
HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: ZDI-CAN-177, CVE-2010-1549
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP LoadRunner Agent running on Windows, supplied with LoadRunner prior to v9.50
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-1549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
Acknowledgement: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoints Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of LoadRunner v9.50 or subsequent.
Note: Starting with version 9.50 LoadRunner has provided a documented feature called Secure Channel. Secure Channel prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Channel is disabled by default.
There are detailed instructions regarding Secure Channel in the HP LoadRunner Controller User's Guide. See the chapter 'Secure Host Communication'. The chapter sections 'Local Security Configuration' and 'Remote Security Configuration' have instructions to enforce secure communication using the Secure Channel feature. Using Secure Channel involves both enabling the Secure Channel feature and setting the security key.
PRODUCT SPECIFIC INFORMATION None
HISTORY: Version: 1 (rev.1) - 5 May 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvhiXEACgkQ4B86/C0qfVn76gCg2J9vEFjKUEvVD+XjIijUC7ZA PkoAn1C32Dv2yF25fzW5f37FZr2xGMo3 =1gzO -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.0"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.14"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.13"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.12"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "7.51"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "7.8"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.02"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "performance center",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "loadrunner",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "9.10"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.6"
},
{
"_id": null,
"model": "hp loadrunner",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "9.50"
},
{
"_id": null,
"model": "performance center",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "9.50"
},
{
"_id": null,
"model": "loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "9.10"
},
{
"_id": null,
"model": "performance center agent fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "performance center agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "mercury performance center agent fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "mercury performance center agent fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "mercury performance center agent fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "mercury performance center agent fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "mercury performance center agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "mercury performance center agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"_id": null,
"model": "mercury loadrunner agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.5"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "BID",
"id": "39965"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
},
{
"db": "NVD",
"id": "CVE-2010-1549"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
}
]
},
"credits": {
"_id": null,
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
}
],
"trust": 0.7
},
"cve": "CVE-2010-1549",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-1549",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1549",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-1549",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2010-1549",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201005-106",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2010-1549",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "VULMON",
"id": "CVE-2010-1549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
},
{
"db": "NVD",
"id": "CVE-2010-1549"
}
]
},
"description": {
"_id": null,
"data": "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted packet will allow unauthenticated users to execute local commands. When a state of 0 or 4 is passed after the parameters, mchan.dll will process the commands on the host. This allows for remote code execution under the context of the SYSTEM user. Successful exploits will result in the complete compromise of affected computers. \nHP LoadRunner Agent 9.50 is vulnerable; other versions may also be affected. See the \u0027Configuration\u0027 chapter, \u0027Recommended Configuration\u0027 section. ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\nPROVIDED AND/OR DISCOVERED BY:\nTenable Network Security, reported via ZDI. \n\nORIGINAL ADVISORY:\nHP (HPSBMA02201 SSRT071328):\nhttps://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912968\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-080/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-080\nMay 6, 2010\n\n-- CVE ID:\nCVE-2010-1549\n\n-- Affected Vendors:\nHewlett-Packard\n\n-- Affected Products:\nHewlett-Packard LoadRunner\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 5356. Authentication is not\nrequired to exploit this vulnerability. \n\n-- Vendor Response:\nHewlett-Packard has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00912968\n\n-- Disclosure Timeline:\n2007-03-19 - Vulnerability reported to vendor\n2010-05-06 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Tenable Network Security\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\t\t\tSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00912968\nVersion: 1\n\nHPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: ZDI-CAN-177, CVE-2010-1549\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP LoadRunner Agent running on Windows, supplied with LoadRunner prior to v9.50\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-1549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nAcknowledgement: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoints Zero Day Initiative for reporting this vulnerability to security-alert@hp.com. \n\nRESOLUTION\n\nThe vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of LoadRunner v9.50 or subsequent. \n\nNote: Starting with version 9.50 LoadRunner has provided a documented feature called Secure Channel. Secure Channel prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Channel is disabled by default. \n\nThere are detailed instructions regarding Secure Channel in the HP LoadRunner Controller User\u0027s Guide. See the chapter \u0027Secure Host Communication\u0027. The chapter sections \u0027Local Security Configuration\u0027 and \u0027Remote Security Configuration\u0027 have instructions to enforce secure communication using the Secure Channel feature. Using Secure Channel involves both enabling the Secure Channel feature and setting the security key. \n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY:\nVersion: 1 (rev.1) - 5 May 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkvhiXEACgkQ4B86/C0qfVn76gCg2J9vEFjKUEvVD+XjIijUC7ZA\nPkoAn1C32Dv2yF25fzW5f37FZr2xGMo3\n=1gzO\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1549"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
},
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "BID",
"id": "39965"
},
{
"db": "VULMON",
"id": "CVE-2010-1549"
},
{
"db": "PACKETSTORM",
"id": "89397"
},
{
"db": "PACKETSTORM",
"id": "89286"
},
{
"db": "PACKETSTORM",
"id": "89252"
},
{
"db": "PACKETSTORM",
"id": "89250"
}
],
"trust": 2.97
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43411",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1549"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2010-1549",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-10-080",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "43411",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-177",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "14967",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT071328",
"trust": 0.6
},
{
"db": "HP",
"id": "HPSBMA02201",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106",
"trust": 0.6
},
{
"db": "BID",
"id": "39965",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "39722",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2010-1549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89397",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89252",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89250",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "VULMON",
"id": "CVE-2010-1549"
},
{
"db": "BID",
"id": "39965"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
},
{
"db": "PACKETSTORM",
"id": "89397"
},
{
"db": "PACKETSTORM",
"id": "89286"
},
{
"db": "PACKETSTORM",
"id": "89252"
},
{
"db": "PACKETSTORM",
"id": "89250"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
},
{
"db": "NVD",
"id": "CVE-2010-1549"
}
]
},
"id": "VAR-201005-0161",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35433716
},
"last_update_date": "2024-11-23T22:56:53.277000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HPSBMA02201 SSRT071328",
"trust": 1.5,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00912968"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1549"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/43411/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/archive/1/511146/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://seclists.org/bugtraq/2010/may/69"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c00912968"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1549"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1549"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14967"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-080"
},
{
"trust": 0.3,
"url": "http://www.hp.com"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1549"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/39965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/misc/hp_loadrunner_magentproc_cmdexec"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/39722/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-080/"
},
{
"trust": 0.1,
"url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c00912968"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-10-080"
},
{
"db": "VULMON",
"id": "CVE-2010-1549"
},
{
"db": "BID",
"id": "39965"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
},
{
"db": "PACKETSTORM",
"id": "89397"
},
{
"db": "PACKETSTORM",
"id": "89286"
},
{
"db": "PACKETSTORM",
"id": "89252"
},
{
"db": "PACKETSTORM",
"id": "89250"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
},
{
"db": "NVD",
"id": "CVE-2010-1549"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-10-080",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2010-1549",
"ident": null
},
{
"db": "BID",
"id": "39965",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004700",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89397",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89286",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89252",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89250",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2010-1549",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2010-05-06T00:00:00",
"db": "ZDI",
"id": "ZDI-10-080",
"ident": null
},
{
"date": "2010-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1549",
"ident": null
},
{
"date": "2010-05-06T00:00:00",
"db": "BID",
"id": "39965",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004700",
"ident": null
},
{
"date": "2010-05-12T02:00:25",
"db": "PACKETSTORM",
"id": "89397",
"ident": null
},
{
"date": "2010-05-08T08:39:21",
"db": "PACKETSTORM",
"id": "89286",
"ident": null
},
{
"date": "2010-05-07T02:26:52",
"db": "PACKETSTORM",
"id": "89252",
"ident": null
},
{
"date": "2010-05-07T02:20:43",
"db": "PACKETSTORM",
"id": "89250",
"ident": null
},
{
"date": "2010-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-106",
"ident": null
},
{
"date": "2010-05-07T18:24:15.953000",
"db": "NVD",
"id": "CVE-2010-1549",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2010-05-06T00:00:00",
"db": "ZDI",
"id": "ZDI-10-080",
"ident": null
},
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1549",
"ident": null
},
{
"date": "2010-05-11T16:02:00",
"db": "BID",
"id": "39965",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004700",
"ident": null
},
{
"date": "2011-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-106",
"ident": null
},
{
"date": "2024-11-21T01:14:40.733000",
"db": "NVD",
"id": "CVE-2010-1549",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89397"
},
{
"db": "PACKETSTORM",
"id": "89250"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "HP LoadRunner Vulnerability in arbitrary code execution in agents such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004700"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-106"
}
],
"trust": 0.6
}
}
var-201606-0402
Vulnerability from variot
HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors. HPE LoadRunner and Performance Center There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code or cause denial-of-service conditions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157423
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157423 Version: 1
HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-05-31 Last Updated: 2016-05-31
Potential Security Impact: Remote Code Execution, Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS).
References:
CVE-2016-4359 (PSRT110020, ZDI-CAN-3516) CVE-2016-4360 (PSRT110032, ZDI-CAN-3555) CVE-2016-4361 (SSRT102274)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
http://www.hpe.com/software/updates
Performance Center v11.52, please update to Performance Center v12.53 or later.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8 FWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv 99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843 PBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT Let6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0 KCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo= =Yk9f -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0402",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.20"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.02"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.50"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.02 patch 2 for up to 12.02"
},
{
"model": "hpe loadrunner",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 3 for up to 12.50"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.52 patch 3 for up to 11.52"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.00 patch 1 for up to 12.00"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.01 patch 3 for up to 12.01"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.20 patch 2 for up to 12.20"
},
{
"model": "hpe performance center",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50 patch 1 for up to 12.50"
},
{
"model": "loadrunner \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "loadrunner \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "loadrunner \u003e=12.02,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "loadrunner \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=11.52,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.00,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": "performance center \u003e=12.01,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3"
},
{
"model": "performance center \u003e=12.20,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2"
},
{
"model": "performance center \u003e=12.50,\u003c=patch",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "12.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "11.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "12.50"
}
],
"sources": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "90975"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03838",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4361",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4361",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-03838",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-019",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors. HPE LoadRunner and Performance Center There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. HPE LoadRunner and Performance Center are performance load testing software from Hewlett Packard, USA. Multiple HP Products are prone to multiple remote code-execution and denial-of-service vulnerabilities. \nSuccessfully exploiting these issues allows remote attackers to execute arbitrary code or cause denial-of-service conditions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157423\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157423\nVersion: 1\n\nHPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code\nExecution, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-05-31\nLast Updated: 2016-05-31\n\nPotential Security Impact: Remote Code Execution, Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nSeveral potential security vulnerabilities have been identified in HPE\nLoadRunner and Performance Center. These vulnerabilities could be exploited\nremotely to allow code execution, and Denial of Service (DoS). \n\nReferences:\n\nCVE-2016-4359 (PSRT110020, ZDI-CAN-3516)\nCVE-2016-4360 (PSRT110032, ZDI-CAN-3555)\nCVE-2016-4361 (SSRT102274)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nhttp://www.hpe.com/software/updates\n\nPerformance Center v11.52, please update to Performance Center v12.53 or\nlater. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJXTuaIAAoJEGIGBBYqRO9/2jsIANv3Bafqi6/Cl1UOgtPdLau8\nFWnwoZnNUS8aEa33EKMMWQBZbNbLVSkILV/JmkgASHNY5nv2hAV7XPv+UsfEjMyv\n99y6qa8ejcvI3E8L5nQFri6r7v9A8PqKfAedkUuZJrDZ3GTF7xX3jnmCmYezF843\nPBvIF5/ZGu45xbWb7BavgsuXGmgnk2Ol6m6J9uJMTEKECwmRA1WH1lmbXXI5lxYT\nLet6E0F0dVyVly9avHZYkoQZbOxErVC00tUQUONCIEaYhlxhUJZxqAtjET/SwV+0\nKCgliaNiCmbsBjXI+w2diYHI1QJALWUQ5gxdPhEmOfm/hT9LQ5G5Gj7PSp1unNo=\n=Yk9f\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "PACKETSTORM",
"id": "137267"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4361",
"trust": 3.6
},
{
"db": "BID",
"id": "90975",
"trust": 1.3
},
{
"db": "TENABLE",
"id": "TRA-2016-26",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1036006",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03838",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "137267",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1387",
"trust": 0.6
},
{
"db": "IVD",
"id": "B0326E5D-F60E-4E82-B70E-3923E90FE8C3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"id": "VAR-201606-0402",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
}
]
},
"last_update_date": "2024-11-23T22:01:24.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03609",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423"
},
{
"title": "Patch for multiple vulnerabilities (CNVD-2016-03838) in HPE LoadRunner and Performance Center",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/77000"
},
{
"title": "HPE LoadRunner and Performance Center Fixes for multiple security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157423"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90975"
},
{
"trust": 1.0,
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157423"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1036006"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4361"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4361"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/137267/hp-security-bulletin-hpsbgn03609-1.html"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4359"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/software/updates"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4361"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4360"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"db": "BID",
"id": "90975"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"db": "PACKETSTORM",
"id": "137267"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "IVD",
"id": "b0326e5d-f60e-4e82-b70e-3923e90fe8c3"
},
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"date": "2016-06-01T15:47:01",
"db": "PACKETSTORM",
"id": "137267"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"date": "2016-06-08T14:59:46.487000",
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03838"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "90975"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003081"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-019"
},
{
"date": "2024-11-21T02:51:56.727000",
"db": "NVD",
"id": "CVE-2016-4361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner and Performance Center Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-019"
}
],
"trust": 0.6
}
}
var-201802-0037
Vulnerability from variot
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. HPE LoadRunner and Performance Center Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "performance center",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": null
},
{
"model": "hpe loadrunner",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hpe performance center",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "loadrunner",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "performance center",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.2,
"vendor": "hp",
"version": "*"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.2,
"vendor": "hp",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
}
]
},
"cve": "CVE-2016-8512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8512",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05577",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8512",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8512",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-8512",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-05577",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-478",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. HPE LoadRunner and Performance Center Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8512"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8512",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2018-05577",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6D400-39AB-11E9-AF00-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"id": "VAR-201802-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
}
]
},
"last_update_date": "2024-11-23T22:34:24.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03679",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05354136"
},
{
"title": "Patch for HP LoadRunner and Performance Center Remote Code Execution Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122007"
},
{
"title": "HPE LoadRunner and Performance Center Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78557"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-c05354136"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8512"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"date": "2018-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"date": "2018-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"date": "2018-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"date": "2018-02-15T22:29:00.480000",
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05577"
},
{
"date": "2018-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008939"
},
{
"date": "2018-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-478"
},
{
"date": "2024-11-21T02:59:30.403000",
"db": "NVD",
"id": "CVE-2016-8512"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner and Performance Center Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2e6d400-39ab-11e9-af00-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-478"
}
],
"trust": 0.8
}
}
var-201802-0734
Vulnerability from variot
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0734",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.53"
},
{
"model": "performance center",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.53"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.53"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.53"
},
{
"model": "hpe loadrunner",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.53"
},
{
"model": "hpe performance center",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.53"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.20"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.00"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.02"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
}
],
"sources": [
{
"db": "BID",
"id": "100338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gheckoxs",
"sources": [
{
"db": "BID",
"id": "100338"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-8953",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-8953",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8953",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8953",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1043",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8953"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "BID",
"id": "100338"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8953",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1038867",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1038868",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043",
"trust": 0.6
},
{
"db": "BID",
"id": "100338",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "100338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"id": "VAR-201802-0734",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35433716
},
"last_update_date": "2024-11-23T22:26:28.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPESBGN03764",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038867"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038868"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03764en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8953"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8953"
},
{
"trust": 0.3,
"url": "http://www.hp.com/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03764en_us"
}
],
"sources": [
{
"db": "BID",
"id": "100338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "100338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-17T00:00:00",
"db": "BID",
"id": "100338"
},
{
"date": "2018-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"date": "2018-02-15T22:29:08.077000",
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-17T00:00:00",
"db": "BID",
"id": "100338"
},
{
"date": "2018-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012576"
},
{
"date": "2018-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1043"
},
{
"date": "2024-11-21T03:35:03.717000",
"db": "NVD",
"id": "CVE-2017-8953"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE LoadRunner and Performance Center Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1043"
}
],
"trust": 0.6
}
}
var-201609-0438
Vulnerability from variot
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. HP LoadRunner and Performance Center are prone to an unspecified denial-of-service vulnerability. A remote attacker can leverage this issue to cause denial-of-service condition. The following products are vulnerable: Versions prior to Performance Center 12.50 Versions prior to LoadRunner 12.50. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05278882 Version: 1
HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-09-20 Last Updated: 2016-09-20
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerability have been identified in HPE LoadRunner and Performance Center. This vulnerability could be exploited remotely to allow Denial of Service (DoS).
References:
CVE-2016-4384 PSRT110230
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE Performance Center - all versions prior to v12.50 HPE LoadRunner - all versions prior to v12.50
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-4384
8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
Hewlett Packard Enterprise thanks Tenable Network Security for reporting this issue to security-alert@hpe.com
RESOLUTION
HPE has released following updates to resolve the vulnerabilities in the impacted versions of LoadRunner and Performance Center:
Performance Center v12.53 - https://softwaresupport.hp.com/group/softwaresupp ort/search-result/-/facetsearch/document/KM02354255
LoadRunner v12.53 - https://softwaresupport.hp.com/group/softwaresupport/sear ch-result/-/facetsearch/document/KM02320462
LoadRunner v12.50 patch 3 - https://softwaresupport.hp.com/group/softwaresupp ort/search-result/-/facetsearch/document/KM02040111
HISTORY Version:1 (rev.1) - 20 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJX6VBSAAoJEGIGBBYqRO9/kV8IANtX4baDp0m/0Dnqfi0hlxga TQnS1TL9d38NDzvYLSzhbKIYLEoM4ymM/W376q+SD8bOjkiCZ7kmHAlZw/PHp0ny KewKknH/FPTjqoBCspHMxN8Cgos18/B4v8QPfnJE/xsFQcEmsPUnghB8ENR6m9ST rfPom6nDEg1zzMB5VdTuwQEx729/EQzSCEOm2yOLxMD9YPEhX/JMlf8UnQQW1skE MGr13WD89wBxM+tNMhQJDNLTMLd8lWfB9PTwxwOr4TE+mq+Pfiw1E9SvjUuZ/ikZ GBq4x7RHD3ZE37CR9aSxq55l1UwVaCMmBzyq8l20XjRvfQkyBggYYM3IV8ChmbM= =PGVh -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loadrunner",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.02"
},
{
"model": "performance center",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.20"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.20"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.02"
},
{
"model": "hpe loadrunner",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50"
},
{
"model": "hpe performance center",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.50"
},
{
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.202"
},
{
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.013"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.00"
},
{
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.523"
},
{
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52.1"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0.0.0"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "performance center",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.53"
},
{
"model": "performance center",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
},
{
"model": "loadrunner",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.53"
},
{
"model": "loadrunner patch",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.503"
},
{
"model": "loadrunner",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
}
],
"sources": [
{
"db": "BID",
"id": "93069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "BID",
"id": "93069"
},
{
"db": "PACKETSTORM",
"id": "138846"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4384",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4384",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4384",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-497",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2016-4384",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. HP LoadRunner and Performance Center are prone to an unspecified denial-of-service vulnerability. \nA remote attacker can leverage this issue to cause denial-of-service condition. \nThe following products are vulnerable:\nVersions prior to Performance Center 12.50\nVersions prior to LoadRunner 12.50. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05278882\nVersion: 1\n\nHPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-09-20\nLast Updated: 2016-09-20\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerability have been identified in HPE LoadRunner and\nPerformance Center. This vulnerability could be exploited remotely to allow\nDenial of Service (DoS). \n\nReferences:\n\nCVE-2016-4384\nPSRT110230\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHPE Performance Center - all versions prior to v12.50\nHPE LoadRunner - all versions prior to v12.50\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-4384\n 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nHewlett Packard Enterprise thanks Tenable Network Security for reporting this\nissue to security-alert@hpe.com\n\nRESOLUTION\n\nHPE has released following updates to resolve the vulnerabilities in the\nimpacted versions of LoadRunner and Performance Center:\n\nPerformance Center v12.53 - https://softwaresupport.hp.com/group/softwaresupp\nort/search-result/-/facetsearch/document/KM02354255\n\nLoadRunner v12.53 - https://softwaresupport.hp.com/group/softwaresupport/sear\nch-result/-/facetsearch/document/KM02320462\n\nLoadRunner v12.50 patch 3 - https://softwaresupport.hp.com/group/softwaresupp\nort/search-result/-/facetsearch/document/KM02040111\n\nHISTORY\nVersion:1 (rev.1) - 20 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJX6VBSAAoJEGIGBBYqRO9/kV8IANtX4baDp0m/0Dnqfi0hlxga\nTQnS1TL9d38NDzvYLSzhbKIYLEoM4ymM/W376q+SD8bOjkiCZ7kmHAlZw/PHp0ny\nKewKknH/FPTjqoBCspHMxN8Cgos18/B4v8QPfnJE/xsFQcEmsPUnghB8ENR6m9ST\nrfPom6nDEg1zzMB5VdTuwQEx729/EQzSCEOm2yOLxMD9YPEhX/JMlf8UnQQW1skE\nMGr13WD89wBxM+tNMhQJDNLTMLd8lWfB9PTwxwOr4TE+mq+Pfiw1E9SvjUuZ/ikZ\nGBq4x7RHD3ZE37CR9aSxq55l1UwVaCMmBzyq8l20XjRvfQkyBggYYM3IV8ChmbM=\n=PGVh\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4384"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "BID",
"id": "93069"
},
{
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"db": "PACKETSTORM",
"id": "138846"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4384",
"trust": 2.9
},
{
"db": "BID",
"id": "93069",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036860",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036859",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TRA-2016-26",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-4384",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138846",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"db": "BID",
"id": "93069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "PACKETSTORM",
"id": "138846"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"id": "VAR-201609-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35433716
},
"last_update_date": "2024-11-23T22:01:23.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBGN03648",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882"
},
{
"title": "HPE Performance Center and LoadRunner Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64234"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05278882"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93069"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2016-26"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036860"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036859"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4384"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4384"
},
{
"trust": 0.3,
"url": "http://www.hp.com"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05278882"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05278882"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4384"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/sear"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupp"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"db": "BID",
"id": "93069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "PACKETSTORM",
"id": "138846"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"db": "BID",
"id": "93069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"db": "PACKETSTORM",
"id": "138846"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"date": "2016-09-20T00:00:00",
"db": "BID",
"id": "93069"
},
{
"date": "2016-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"date": "2016-09-26T13:16:00",
"db": "PACKETSTORM",
"id": "138846"
},
{
"date": "2016-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"date": "2016-09-21T02:59:11.210000",
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4384"
},
{
"date": "2016-09-20T00:00:00",
"db": "BID",
"id": "93069"
},
{
"date": "2016-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004860"
},
{
"date": "2016-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-497"
},
{
"date": "2024-11-21T02:52:00.153000",
"db": "NVD",
"id": "CVE-2016-4384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE Performance Center and LoadRunner Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-497"
}
],
"trust": 0.6
}
}
var-201710-0237
Vulnerability from variot
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. HPE LoadRunner and Performance Center Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libxdrutil.dll mxdr_string method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. HP Intelligent Management Center (iMC) is a network intelligent management center solution from Hewlett Packard (HP). A remote heap buffer overflow vulnerability exists in HP LoadRunner/Performance Center that was caused by insufficient boundary checking before copying user data to a memory buffer of insufficient size. A failed attack can result in a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03712en_us Version: 1
HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-03-07 Last Updated: 2017-03-07
Potential Security Impact: Remote: Code Execution
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE LoadRunner and Performance Center.
References:
- CVE-2017-5789 - Remote Code Execution
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE LoadRunner - v12.53.0 and earlier
- HPE Performance Center - v12.53.0 and earlier
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5789
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
Hewlett Packard Enterprise thanks Tenable Network Security working with Trend Micro's Zero Day Initiative (ZDI) for reporting this issue to security-alert@hpe.com
RESOLUTION
HPE has provided the following software updates to resolve the vulnerability in the impacted versions of HPE LoadRunner and Performance Center.
LoadRunner - Please download and install v12.53 Patch 4 using following links:
-
LoadRunner Full: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/LR_03639
-
Load Generator SA: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/LRLG_00131
-
Analysis SA: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/LRANLSYS_00110
-
TruClient SA: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/LRTC_00005
Release notes for the LoadRunner patch is available at: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02688589
Performance Center - Please download and install v12.53 Patch 4 using following link:
- Performance Center Server and Host: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/PC_00312
Release notes for the Performance Center patch is available at: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02690789
HISTORY Version:1 (rev.1) - 7 March 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJYvySUAAoJELXhAxt7SZai2r4H+wSohWbdWZfY+1GVhhXcJhoI 9PrgkcoW6Bo2tJI8JCveAKrpJWqzXhx77zPb94Bf8ER3KyUiFTOhx/z5Kv2cW2a3 MswkriLaMzi1G8cihlmtqmTRFfrNn5AJZSOPKR12iuRgpUEnkxTf3727SKrp25uv 1ZD8xXigrEiF3i5KnXR4UJGzv8LZjcwv5ClO13SysR8oTBa0UTKIrvN9s6wkyIEX cMV9BWFknvuC4Nh2lo6uXWqT5mc8Ur5Z1XMMbP9AdVsqd4O1RC70BXBDJ7fvg6qb 0TsnnxyUi40ZqC3DxpFgOdxe0veWZ41wIpVypgyoD78QVi2AbGRDAV6l0R75zgg= =VjbZ -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "loadrunner",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.53"
},
{
"_id": null,
"model": "performance center",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "12.53"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.53"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "12.53"
},
{
"_id": null,
"model": "hpe loadrunner",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.53 patch 4"
},
{
"_id": null,
"model": "hpe performance center",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "12.53 patch 4"
},
{
"_id": null,
"model": "loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": "loadrunner",
"scope": "lte",
"trust": 0.6,
"vendor": "hp",
"version": "\u003c=12.53.0"
},
{
"_id": null,
"model": "performance center",
"scope": "lte",
"trust": 0.6,
"vendor": "hp",
"version": "\u003c=12.53.0"
},
{
"_id": null,
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.501"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
},
{
"_id": null,
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.202"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.20"
},
{
"_id": null,
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.013"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.00"
},
{
"_id": null,
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"_id": null,
"model": "performance center patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.523"
},
{
"_id": null,
"model": "performance center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52.1"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "loadrunner build",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1.0.01735"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.503"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.50"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.022"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.02"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.013"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.523"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.522"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.521"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.52"
},
{
"_id": null,
"model": "loadrunner patch4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"_id": null,
"model": "loadrunner",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"_id": null,
"model": "performance center patch",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.534"
},
{
"_id": null,
"model": "loadrunner patch",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.534"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "loadrunner",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performance center",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "BID",
"id": "96774"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
},
{
"db": "NVD",
"id": "CVE-2017-5789"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:loadrunner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:performance_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
}
]
},
"credits": {
"_id": null,
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "BID",
"id": "96774"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
}
],
"trust": 1.6
},
"cve": "CVE-2017-5789",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5789",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-5789",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03832",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5789",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5789",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5789",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2017-5789",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-03832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-484",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
},
{
"db": "NVD",
"id": "CVE-2017-5789"
}
]
},
"description": {
"_id": null,
"data": "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. HPE LoadRunner and Performance Center Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libxdrutil.dll mxdr_string method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. HP Intelligent Management Center (iMC) is a network intelligent management center solution from Hewlett Packard (HP). A remote heap buffer overflow vulnerability exists in HP LoadRunner/Performance Center that was caused by insufficient boundary checking before copying user data to a memory buffer of insufficient size. A failed attack can result in a denial of service. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbgn03712en_us\nVersion: 1\n\nHPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code\nExecution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-03-07\nLast Updated: 2017-03-07\n\nPotential Security Impact: Remote: Code Execution\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE LoadRunner and\nPerformance Center. \n\nReferences:\n\n - CVE-2017-5789 - Remote Code Execution\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE LoadRunner - v12.53.0 and earlier\n - HPE Performance Center - v12.53.0 and earlier\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5789\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nHewlett Packard Enterprise thanks Tenable Network Security working with Trend\nMicro\u0027s Zero Day Initiative (ZDI) for reporting this issue to\nsecurity-alert@hpe.com\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability\nin the impacted versions of HPE LoadRunner and Performance Center. \n\n**LoadRunner** - Please download and install v12.53 Patch 4 using following\nlinks:\n\n* LoadRunner Full:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/LR_03639\u003e\n\n* Load Generator SA:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/LRLG_00131\u003e\n\n* VuGen SA:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/LRVUG_00214\u003e\n\n* Analysis SA:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/LRANLSYS_00110\u003e\n\n* TruClient SA:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/LRTC_00005\u003e\n\nRelease notes for the LoadRunner patch is available at:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02688589\u003e\n\n**Performance Center** - Please download and install v12.53 Patch 4 using\nfollowing link:\n\n* Performance Center Server and Host:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/LID/PC_00312\u003e\n\nRelease notes for the Performance Center patch is available at:\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02690789\u003e\n\nHISTORY\nVersion:1 (rev.1) - 7 March 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJYvySUAAoJELXhAxt7SZai2r4H+wSohWbdWZfY+1GVhhXcJhoI\n9PrgkcoW6Bo2tJI8JCveAKrpJWqzXhx77zPb94Bf8ER3KyUiFTOhx/z5Kv2cW2a3\nMswkriLaMzi1G8cihlmtqmTRFfrNn5AJZSOPKR12iuRgpUEnkxTf3727SKrp25uv\n1ZD8xXigrEiF3i5KnXR4UJGzv8LZjcwv5ClO13SysR8oTBa0UTKIrvN9s6wkyIEX\ncMV9BWFknvuC4Nh2lo6uXWqT5mc8Ur5Z1XMMbP9AdVsqd4O1RC70BXBDJ7fvg6qb\n0TsnnxyUi40ZqC3DxpFgOdxe0veWZ41wIpVypgyoD78QVi2AbGRDAV6l0R75zgg=\n=VjbZ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5789"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "BID",
"id": "96774"
},
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "PACKETSTORM",
"id": "141557"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5789",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-17-160",
"trust": 2.6
},
{
"db": "BID",
"id": "96774",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1038028",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1038029",
"trust": 1.6
},
{
"db": "TENABLE",
"id": "TRA-2017-13",
"trust": 1.6
},
{
"db": "BID",
"id": "101224",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2017-03832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3933",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "36060",
"trust": 0.6
},
{
"db": "IVD",
"id": "80B8FD74-085F-4BA1-8F15-8184E2CD860E",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141557",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "BID",
"id": "96774"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "PACKETSTORM",
"id": "141557"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
},
{
"db": "NVD",
"id": "CVE-2017-5789"
}
]
},
"id": "VAR-201710-0237",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
}
],
"trust": 1.15433716
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
}
]
},
"last_update_date": "2024-11-23T21:53:41.601000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HPESBGN03712",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03712en_us"
},
{
"title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us"
},
{
"title": "Patch for HP LoadRunner/Performance Center heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91449"
},
{
"title": "HP LoadRunner and Performance Center Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68349"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "NVD",
"id": "CVE-2017-5789"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/96774"
},
{
"trust": 1.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-160/"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038029"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038028"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03712en_us"
},
{
"trust": 1.6,
"url": "https://www.tenable.com/security/research/tra-2017-13"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101224"
},
{
"trust": 1.0,
"url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03712en_us"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5789"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5789"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36060"
},
{
"trust": 0.3,
"url": "http://www.hp.com"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03712en_us"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-160"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
},
{
"db": "BID",
"id": "96774"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402"
},
{
"db": "PACKETSTORM",
"id": "141557"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
},
{
"db": "NVD",
"id": "CVE-2017-5789"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-17-160",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-03832",
"ident": null
},
{
"db": "BID",
"id": "96774",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009402",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141557",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5789",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "ZDI",
"id": "ZDI-17-160",
"ident": null
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03832",
"ident": null
},
{
"date": "2017-03-10T00:00:00",
"db": "BID",
"id": "96774",
"ident": null
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009402",
"ident": null
},
{
"date": "2017-03-09T17:02:19",
"db": "PACKETSTORM",
"id": "141557",
"ident": null
},
{
"date": "2017-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-484",
"ident": null
},
{
"date": "2017-10-11T21:29:00.213000",
"db": "NVD",
"id": "CVE-2017-5789",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-03-09T00:00:00",
"db": "ZDI",
"id": "ZDI-17-160",
"ident": null
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03832",
"ident": null
},
{
"date": "2017-03-16T01:01:00",
"db": "BID",
"id": "96774",
"ident": null
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009402",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-484",
"ident": null
},
{
"date": "2024-11-21T03:28:21.450000",
"db": "NVD",
"id": "CVE-2017-5789",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "141557"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "HP LoadRunner/Performance Center Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "CNVD",
"id": "CNVD-2017-03832"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "80b8fd74-085f-4ba1-8f15-8184e2cd860e"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-484"
}
],
"trust": 0.8
}
}