Main Vulnerability Database Vulnerabilities #VU41496

Input validation error in Universal Configuration Management Database - CVE-2014-2615

Published: July 7, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41496

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-2615

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: HPE

Affected software:
Universal Configuration Management Database

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

How to mitigate CVE-2014-2615

Install update from vendor's website.

Sources

http://secunia.com/advisories/58912
http://www.securityfocus.com/bid/68363
http://www.securitytracker.com/id/1030518
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076

Input validation error in Universal Configuration Management Database - CVE-2014-2615

Detailed vulnerability description

How to mitigate CVE-2014-2615

Sources

Please verify you're human