Main Vulnerability Database Vulnerabilities #VU41498

Input validation error in Universal Configuration Management Database - CVE-2014-2617

Published: July 7, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41498

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2014-2617

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: HPE

Affected software:
Universal Configuration Management Database

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.

How to mitigate CVE-2014-2617

Install update from vendor's website.

Sources

http://secunia.com/advisories/58912
http://www.securityfocus.com/bid/68363
http://www.securitytracker.com/id/1030518
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076

Input validation error in Universal Configuration Management Database - CVE-2014-2617

Detailed vulnerability description

How to mitigate CVE-2014-2617

Sources

Please verify you're human