CVE-2017-14351 - OpenCVE

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Ucmdb Configuration Manager

Configuration 1 [-]

OR	cpe:2.3:a:hp:ucmdb_configuration_manager:10.10:::::::*
	cpe:2.3:a:hp:ucmdb_configuration_manager:10.11:::::::*
	cpe:2.3:a:hp:ucmdb_configuration_manager:10.20:::::::*
	cpe:2.3:a:hp:ucmdb_configuration_manager:10.21:::::::*
	cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:::::::*
	cpe:2.3:a:hp:ucmdb_configuration_manager:10.23:::::::*

No data.

References

Link	Providers
https://softwaresupport.hpe.com/km/KM02968622
https://www.tenable.com/security/research/tra-2017-32

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-09-29T19:00:00

Updated: 2024-08-05T19:27:39.042Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14351

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-09-30T01:29:01.523

Modified: 2023-11-07T02:38:55.307

Link: CVE-2017-14351

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:06", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.hpe.com/km/KM02968622"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2017-32"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2017-14351", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.hpe.com/km/KM02968622", "refsource": "CONFIRM", "url": "https://softwaresupport.hpe.com/km/KM02968622"}, {"name": "https://www.tenable.com/security/research/tra-2017-32", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-32"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:39.042Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.hpe.com/km/KM02968622"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2017-32"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14351", "datePublished": "2017-09-29T19:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-08-05T19:27:39.042Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "51748783-95F1-400A-A435-12D1F4A1312E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "3837E366-A291-4E93-9AC7-595BF661CE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "97E3B18E-18CE-42C5-BDCC-93A339C2E80B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "D4FA4110-8DB1-4CC1-A768-F33E91BB5AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "00348879-766F-4CBA-9761-AE4E258CA7EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.23:*:*:*:*:*:*:*", "matchCriteriaId": "E4A06A8A-739A-4240-9AF6-080A2D7B4A4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de seguridad potencial en las versiones 10.10, 10.11, 10.20, 10.21, 10.22 y 10.23 de HP UCMDB Configuration Manager. Estas vulnerabilidades podr\u00edan explotarse de forma remota para permitir la ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2017-14351", "lastModified": "2023-11-07T02:38:55.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-30T01:29:01.523", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.hpe.com/km/KM02968622"}, {"source": "security@opentext.com", "url": "https://www.tenable.com/security/research/tra-2017-32"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}