Main Vulnerability Database Vulnerabilities #VU41497

Input validation error in Universal Configuration Management Database - CVE-2014-2616

Published: July 7, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41497

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-2616

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: HPE

Affected software:
Universal Configuration Management Database

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.

How to mitigate CVE-2014-2616

Install update from vendor's website.

Sources

http://secunia.com/advisories/58912
http://www.securityfocus.com/bid/68363
http://www.securitytracker.com/id/1030518
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076

Input validation error in Universal Configuration Management Database - CVE-2014-2616

Detailed vulnerability description

How to mitigate CVE-2014-2616

Sources

Please verify you're human