Main Vulnerability Database Vulnerabilities #VU40892

#VU40892 Information disclosure in Universal Configuration Management Database - CVE-2014-7883

Published: February 15, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40892

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2014-7883

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Universal Configuration Management Database

Software vendor:
HPE

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

Remediation

Install update from vendor's website.

External links

http://www.kb.cert.org/vuls/id/867593
http://www.securitytracker.com/id/1031688
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906

#VU40892 Information disclosure in Universal Configuration Management Database - CVE-2014-7883

Description

Remediation

External links

Please verify you're human