Vulnerability Details CVE-2014-2611
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.8%
CVSS Severity
CVSS v2 Score 9.0
References
- http://secunia.com/advisories/59363
- http://www.securityfocus.com/bid/68093
- http://www.securitytracker.com/id/1030439
- http://zerodayinitiative.com/advisories/ZDI-14-210/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295
- http://secunia.com/advisories/59363
- http://www.securityfocus.com/bid/68093
- http://www.securitytracker.com/id/1030439
- http://zerodayinitiative.com/advisories/ZDI-14-210/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295
Products affected by CVE-2014-2611
-
cpe:2.3:a:hp:executive_scorecard:9.40
-
cpe:2.3:a:hp:executive_scorecard:9.41