Lucene search

[email protected]CVE-2015-2121

HistoryMay 25, 2015 - 5:59 p.m.

CVE-2015-2121

2015-05-2517:59:02

CWE-200

[email protected]

web.nvd.nist.gov

network virtualization

loadrunner

performance center

remote attack

arbitrary file reading

url

vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.16 Low

EPSS

Percentile

96.0%

JSON

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.

Affected configurations

NVD

Node

hpnetwork_virtualizationMatch8.61

hpnetwork_virtualizationMatch11.52

CPENameOperatorVersion
hp:network_virtualizationhp network virtualizationeq8.61
hp:network_virtualizationhp network virtualizationeq11.52

CPE	Name	Operator	Version
hp:network_virtualization	hp network virtualization	eq	8.61
hp:network_virtualization	hp network virtualization	eq	11.52

References

www.securityfocus.com/bid/74583

zerodayinitiative.com/advisories/ZDI-15-192/

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04657310

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.16 Low

EPSS

Percentile

96.0%

JSON

Related for CVE-2015-2121

securityvulns2 nessus1 cvelist1 zdi1 prion1 nvd1