SB2012081309 - Information disclosure in HP Fortify Software Security Center



SB2012081309 - Information disclosure in HP Fortify Software Security Center

Published: August 13, 2012 Updated: April 24, 2023

Security Bulletin ID SB2012081309
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Information disclosure (CVE-ID: CVE-2012-3249)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote #AU# to gain access to sensitive information.

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.


Remediation

Install update from vendor's website.