Lucene search
Ziad BadawiZDI-14-230HistoryJul 09, 2014 - 12:00 a.m.
Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability
2014-07-0900:00:00
Ziad Badawi
www.zerodayinitiative.com
24
EPSS
0.179
Percentile
96.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of Hewlett-Packard Universal CMDB. The configuration contains hard-coded credentials. An attacker can leverage this vulnerability to upload malicious applications that can then be used to execute code under the context of SYSTEM.
Related
checkpoint_advisories
checkpoint_advisories
HP Universal CMDB Default Credentials Arbitrary File Upload (CVE-2014-2617)
2014-09-21 00:00:00
prion
prion
Design/Logic Flaw
2014-07-07 11:01:00
cvelist
cvelist
CVE-2014-2617
2014-07-07 10:00:00
nvd
nvd
CVE-2014-2617
2014-07-07 11:01:29
cve
cve
CVE-2014-2617
2014-07-07 11:01:29
securityvulns
securityvulns
[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code
2014-10-16 00:00:00
HP Universal CMDB security vulnerabilities
2014-10-16 00:00:00