CVE-2017-14349 - OpenCVE

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Sitescope

Configuration 1 [-]

OR	cpe:2.3:a:hp:sitescope:11.20:::::::*
	cpe:2.3:a:hp:sitescope:11.21:::::::*
	cpe:2.3:a:hp:sitescope:11.22:::::::*
	cpe:2.3:a:hp:sitescope:11.23:::::::*
	cpe:2.3:a:hp:sitescope:11.24:::::::*
	cpe:2.3:a:hp:sitescope:11.24.391:::::::*
	cpe:2.3:a:hp:sitescope:11.30:::::::*
	cpe:2.3:a:hp:sitescope:11.30.521:::::::*
	cpe:2.3:a:hp:sitescope:11.31:::::::*
	cpe:2.3:a:hp:sitescope:11.32:::::::*
	cpe:2.3:a:hp:sitescope:11.33:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/100989
https://softwaresupport.hpe.com/km/KM02948051
https://www.auscert.org.au/bulletins/52758

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2017-09-29T14:00:00

Updated: 2021-01-06T16:15:52

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14349

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-30T01:29:01.443

Modified: 2023-11-07T02:38:54.710

Link: CVE-2017-14349

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:52", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "ESB-2017.2414", "tags": ["third-party-advisory", "x_refsource_AUSCERT"], "url": "https://www.auscert.org.au/bulletins/52758"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.hpe.com/km/KM02948051"}, {"name": "100989", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100989"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2017-14349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ESB-2017.2414", "refsource": "AUSCERT", "url": "https://www.auscert.org.au/bulletins/52758"}, {"name": "https://softwaresupport.hpe.com/km/KM02948051", "refsource": "CONFIRM", "url": "https://softwaresupport.hpe.com/km/KM02948051"}, {"name": "100989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100989"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14349", "datePublished": "2017-09-29T14:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2021-01-06T16:15:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:sitescope:11.20:*:*:*:*:*:*:*", "matchCriteriaId": "8172205D-C9CE-487E-BF67-33A46EBF056E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.21:*:*:*:*:*:*:*", "matchCriteriaId": "5F8F86F8-D697-44B8-9216-2319EF7A76D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "5290D701-53C2-4C14-B380-F9DE30DA57D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.23:*:*:*:*:*:*:*", "matchCriteriaId": "3D3D0E42-4BC5-4109-A069-5E1A79A13051", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.24:*:*:*:*:*:*:*", "matchCriteriaId": "ABE7D552-5C3F-4B3D-A7B3-AE9D4AD0FAC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.24.391:*:*:*:*:*:*:*", "matchCriteriaId": "C737A71B-03DF-4436-ACE5-43D47E8C7138", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.30:*:*:*:*:*:*:*", "matchCriteriaId": "9F02A47A-24BB-42CA-AC9C-D3A7B2FECEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.30.521:*:*:*:*:*:*:*", "matchCriteriaId": "C06DD563-7712-4CC4-AD78-27F534003479", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.31:*:*:*:*:*:*:*", "matchCriteriaId": "230FF2E9-DEDC-4B99-BC2B-7D2488423596", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.32:*:*:*:*:*:*:*", "matchCriteriaId": "027F6746-2AA5-41E8-BE67-A2CAAFEA5CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.33:*:*:*:*:*:*:*", "matchCriteriaId": "779FEDAE-F5D9-4055-A275-FD70C6C93F73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n en las versiones 11.2x y 11.3x de HPE SiteScope permite que las cuentas de s\u00f3lo lectura vean todas las interfaces y monitores de SiteScope, pudiendo llegar a exponer datos sensibles."}], "id": "CVE-2017-14349", "lastModified": "2023-11-07T02:38:54.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-30T01:29:01.443", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/100989"}, {"source": "security@opentext.com", "url": "https://softwaresupport.hpe.com/km/KM02948051"}, {"source": "security@opentext.com", "url": "https://www.auscert.org.au/bulletins/52758"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}