Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiBrandon PerryZDI-14-235
HistoryJul 16, 2014 - 12:00 a.m.

Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability

2014-07-1600:00:00
Brandon Perry
www.zerodayinitiative.com
17

EPSS

0.008

Percentile

81.7%

JSON

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML external entity injection vulnerability which allows any file readable by SYSTEM to be disclosed. By abusing this behavior an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution.

Related

nvd 1
cvelist 1
prion 1
cve 1
nessus 2
securityvulns 2
nvd
nvd
CVE-2014-2622
2014-07-16 04:58:33
cvelist
cvelist
CVE-2014-2622
2014-07-16 01:00:00
prion
prion
Code injection
2014-07-16 04:58:00
cve
cve
CVE-2014-2622
2014-07-16 04:58:33
nessus
nessus
HP Intelligent Management Center Branch Intelligent Management Module 7.x < 7.0-E0201P02 Multiple Vulnerabilities
2014-07-21 00:00:00
HP Intelligent Management Center 7.x < 7.0-E0202P03 Multiple Vulnerabilities
2014-07-21 00:00:00
securityvulns
securityvulns
HP Intelligent Management Center / HP Branch Intelligent Management System information leakage
2014-07-22 00:00:00
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center &#40;iMC&#41; and HP Branch Intelligent Management System &#40;BIMS&#41;, Remote Disclosure of Information
2014-07-22 00:00:00

EPSS

0.008

Percentile

81.7%

JSON
Related for ZDI-14-235
nvd1cvelist1prion1cve1nessus2securityvulns2