Vulnerability CVE-2015-2802
Published: 2020-02-04   Modified: 2020-02-05

Description:
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
HP -> Asset manager 
HP -> Asset manager cloudsystem chargeback 

 References:
http://marc.info/?l=bugtraq&m=143455780010289&w=2
http://marc.info/?l=bugtraq&m=143629738517220&w=2
http://www.securityfocus.com/bid/75258
https://packetstormsecurity.com/files/cve/CVE-2015-2802
https://securitytracker.com/id/1032599
Copyright 2024, cxsecurity.com

 

Back to Top