Vulnerability CVE-2012-3259

Vulnerability CVE-2012-3259

Published: 2012-09-25

Description:

Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.

See advisories in our WLB2 database:

	Topic	Author	Date
High	HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution	Andrea Micalizzi...	29.08.2012
High	HP SiteScope UploadFilesHandler Remote Code Execution	Andrea Micalizzi...	29.08.2012
High	HP SiteScope SOAP Call create Remote Code Execution	Andrea Micalizzi...	29.08.2012
High	HP SiteScope SOAP Call getFileInternal Remote Code Execution	Andrea Micalizzi...	29.08.2012
High	HP Intelligent Management Center UAM sprintf Remote Code Execution	e6af8de8b1d4b2b6...	29.08.2012
High	HP OO RSScheduler Service JDBC Connector Remote Code Execution	Andrea Micalizzi...	29.08.2012

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
HP -> Sitescope

References:

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683

Copyright 2024, cxsecurity.com