Main Vulnerability Database Vulnerabilities #VU40649

Information disclosure in Universal Configuration Management Database - CVE-2015-5440

Published: September 16, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40649

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-5440

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: HPE

Affected software:
Universal Configuration Management Database

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

How to mitigate CVE-2015-5440

Install update from vendor's website.

Sources

http://www.securitytracker.com/id/1033528
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790231

Information disclosure in Universal Configuration Management Database - CVE-2015-5440

Detailed vulnerability description

How to mitigate CVE-2015-5440

Sources

Please verify you're human