Vulnerabilites related to hp - business_service_management
cve-2011-0274
Vulnerability from cvelistv5
Published
2011-01-24 17:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=129562482815203&w=2 | vendor-advisory, x_refsource_HP | |
| http://secunia.com/advisories/43014 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=129562482815203&w=2 | vendor-advisory, x_refsource_HP | |
| http://securitytracker.com/id?1024986 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2011/0188 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64846 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/45944 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/43018 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100342",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "43014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43014"
},
{
"name": "HPSBMA02622",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "1024986",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024986"
},
{
"name": "ADV-2011-0188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"name": "hp-bac-bsm-xss(64846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
},
{
"name": "45944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45944"
},
{
"name": "43018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100342",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "43014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43014"
},
{
"name": "HPSBMA02622",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "1024986",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024986"
},
{
"name": "ADV-2011-0188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"name": "hp-bac-bsm-xss(64846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
},
{
"name": "45944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45944"
},
{
"name": "43018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100342",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "43014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43014"
},
{
"name": "HPSBMA02622",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"name": "1024986",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024986"
},
{
"name": "ADV-2011-0188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"name": "hp-bac-bsm-xss(64846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
},
{
"name": "45944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45944"
},
{
"name": "43018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-0274",
"datePublished": "2011-01-24T17:00:00",
"dateReserved": "2010-12-23T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4405
Vulnerability from cvelistv5
Published
2018-08-06 20:00
Modified
2024-08-06 00:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94183 | vdb-entry, x_refsource_BID | |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05327447 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HP Business Service Manager |
Version: v9.20-v9.26 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HP Business Service Manager",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v9.20-v9.26"
}
]
}
],
"datePublic": "2016-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-07T09:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "94183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2016-4405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP Business Service Manager",
"version": {
"version_data": [
{
"version_value": "v9.20-v9.26"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94183"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2016-4405",
"datePublished": "2018-08-06T20:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2561
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/49218 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/53556 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/859230 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1027075 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=134013352316810&w=2 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/81981 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=134013352316810&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49218"
},
{
"name": "53556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53556"
},
{
"name": "VU#859230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/859230"
},
{
"name": "1027075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027075"
},
{
"name": "HPSBMU02792",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"name": "81981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81981"
},
{
"name": "SSRT100820",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-23T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "49218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49218"
},
{
"name": "53556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53556"
},
{
"name": "VU#859230",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/859230"
},
{
"name": "1027075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027075"
},
{
"name": "HPSBMU02792",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"name": "81981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81981"
},
{
"name": "SSRT100820",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49218"
},
{
"name": "53556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53556"
},
{
"name": "VU#859230",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/859230"
},
{
"name": "1027075",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027075"
},
{
"name": "HPSBMU02792",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"name": "81981",
"refsource": "OSVDB",
"url": "http://osvdb.org/81981"
},
{
"name": "SSRT100820",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2561",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4392
Vulnerability from cvelistv5
Published
2018-08-06 20:00
Modified
2024-08-06 00:25
Severity ?
EPSS score ?
Summary
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05316329 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93933 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037127 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HP Business Service Manager |
Version: v9.1x, v9.20 - v9.25IP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329"
},
{
"name": "93933",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93933"
},
{
"name": "1037127",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HP Business Service Manager",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v9.1x, v9.20 - v9.25IP1"
}
]
}
],
"datePublic": "2016-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-07T09:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329"
},
{
"name": "93933",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93933"
},
{
"name": "1037127",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2016-4392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP Business Service Manager",
"version": {
"version_data": [
{
"version_value": "v9.1x, v9.20 - v9.25IP1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329"
},
{
"name": "93933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93933"
},
{
"name": "1037127",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2016-4392",
"datePublished": "2018-08-06T20:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3269
Vulnerability from cvelistv5
Published
2015-08-25 01:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202 | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=145706712500978&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/76394 | vdb-entry, x_refsource_BID | |
| http://www.vmware.com/security/advisories/VMSA-2015-0008.html | x_refsource_CONFIRM | |
| https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536266/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033337 | vdb-entry, x_refsource_SECTRACK | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-508/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202"
},
{
"name": "HPSBGN03550",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2"
},
{
"name": "76394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html"
},
{
"name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html"
},
{
"name": "1033337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033337"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T16:06:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202"
},
{
"name": "HPSBGN03550",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2"
},
{
"name": "76394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html"
},
{
"name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html"
},
{
"name": "1033337",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033337"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202"
},
{
"name": "HPSBGN03550",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2"
},
{
"name": "76394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76394"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html"
},
{
"name": "20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded"
},
{
"name": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html"
},
{
"name": "1033337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033337"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3269",
"datePublished": "2015-08-25T01:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-01-24 18:00
Modified
2024-11-21 01:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | business_availability_center | 7.0 | |
| hp | business_availability_center | 7.55 | |
| hp | business_availability_center | 8.0 | |
| hp | business_availability_center | 8.05 | |
| hp | business_service_management | 9.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:business_availability_center:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6225B39-0AC0-44F0-96C6-6A5B51F3A354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_availability_center:7.55:*:*:*:*:*:*:*",
"matchCriteriaId": "C79FD56F-AEA9-44C8-A3FA-E075885CE220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_availability_center:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28CB6BA7-F5DA-4AFB-AF9B-E185EA808AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_availability_center:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "F19F9808-E070-4085-8133-D6EB8C90F638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_service_management:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0CDBAB-B573-4AC7-ADDA-860554ED8C06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidadad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Business Availability Center (BAC) v7.x hasta v8.05 y Business Service Management (BSM) v9.01, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados"
}
],
"id": "CVE-2011-0274",
"lastModified": "2024-11-21T01:23:41.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-24T18:00:03.860",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43014"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43018"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://securitytracker.com/id?1024986"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/45944"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562482815203\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-06 20:29
Modified
2024-11-21 02:52
Severity ?
Summary
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://www.securityfocus.com/bid/93933 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | http://www.securitytracker.com/id/1037127 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05316329 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93933 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037127 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05316329 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | business_service_management | * | |
| hp | business_service_management | 9.10 | |
| hp | business_service_management | 9.25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:business_service_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BE9722-4086-433D-A389-E438F72BA98D",
"versionEndIncluding": "9.25",
"versionStartIncluding": "9.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_service_management:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "990EE856-DA07-4F35-A88B-5015BF2BA333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:business_service_management:9.25:ip1:*:*:*:*:*:*",
"matchCriteriaId": "2C476102-6A3B-49C7-AC44-2D7583C6EE3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de Cross-Site Scripting remoto en el software HP Business Service Management en versiones v9.1x, v9.20 - v9.25IP1."
}
],
"id": "CVE-2016-4392",
"lastModified": "2024-11-21T02:52:01.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-06T20:29:00.287",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93933"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037127"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05316329"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:39
Severity ?
Summary
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | business_service_management | 9.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:business_service_management:9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8100AE4E-5933-4D05-ABBE-CA6BE96DF815",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444."
},
{
"lang": "es",
"value": "HP Business Service Management (BSM) 9.12 no restringe apropiadamente la subida de archivos .war files, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario JSP dentro del componente de servidor de aplicaciones JBOSS a trav\u00e9s de una petici\u00f3n modificada al puerto TCP 1098, 1099 o 4444."
}
],
"id": "CVE-2012-2561",
"lastModified": "2024-11-21T01:39:13.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-21T20:55:21.570",
"references": [
{
"source": "cret@cert.org",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"source": "cret@cert.org",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/81981"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/49218"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/859230"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/53556"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1027075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=134013352316810\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/859230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027075"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-25 01:59
Modified
2024-11-21 02:29
Severity ?
Summary
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | business_service_management | * | |
| adobe | livecycle_data_services | 3.0 | |
| adobe | livecycle_data_services | 4.5 | |
| adobe | livecycle_data_services | 4.6 | |
| adobe | livecycle_data_services | 4.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:business_service_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939572F4-FE01-4527-985D-B63CCD990C79",
"versionEndIncluding": "9.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE5075B-DB11-47F3-9601-F4956ECF5047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F27B0FB6-04A5-4D6D-9C31-847B924EF836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16AB3FE1-2860-4A1D-AC3F-79CE04DC1242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F1172637-AED4-4476-A44B-F7BEF179E9F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "Vulnerabilidad en Apache Flex BlazeDS, tal como se usa en flex-messaging-core.jar en Adobe LiveCycle Data Services (LCDS) 3.0.x en versiones anteriores a 3.0.0.354170, 4.5 en versiones anteriores a 4.5.1.354169, 4.6.2 en versiones anteriores a 4.6.2.354169 y 4.7 en versiones anteriores a 4.7.0.354169 y otros productos, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de mensajes AMF que contienen una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia a entidad, relacionada con un problema de entidad externa XML (XXE)."
}
],
"id": "CVE-2015-3269",
"lastModified": "2024-11-21T02:29:02.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-25T01:59:00.087",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76394"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1033337"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202"
},
{
"source": "secalert@redhat.com",
"url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-508/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-06 20:29
Modified
2024-11-21 02:52
Severity ?
Summary
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | http://www.securityfocus.com/bid/94183 | Third Party Advisory, VDB Entry | |
| security-alert@hpe.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05327447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94183 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05327447 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | business_service_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:business_service_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE9D725-7C18-4CCA-B065-C3233E2EDAD1",
"versionEndIncluding": "9.26",
"versionStartIncluding": "9.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en HP Business Service Management (BSM) que emplea Apache Commons Collection Java Deserialization en versiones v9.20-v9.26."
}
],
"id": "CVE-2016-4405",
"lastModified": "2024-11-21T02:52:03.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-06T20:29:00.693",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94183"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05327447"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}