HP Universal Configuration Management Database Server Authentication Bypass

medium Nessus Plugin ID 81917

Synopsis

The remote web server is affected by an authentication bypass vulnerability.

Description

The version of HP Universal Configuration Management Database Server running on the remote web server is affected by an authentication bypass vulnerability due to the JMX-Console component performing access control only for GET and POST methods. A remote attacker, using the HTTP HEAD method, can bypass authentication to add a new administrator user to the system, allowing full access.
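One way to look for this condition in web server access logs, as an added example that is not part of the plugin or any vendor material: it flags unauthenticated requests under the console path that use a method other than GET or POST and were not refused with 401 or 403. The `/jmx-console` prefix, the common/combined log format, and the sample lines are assumptions constructed for illustration.

```python
import re

# Common/combined log line: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Za-z]+) (?P<path>[^\s"]+)[^"]*" (?P<status>\d{3}) '
)

# Assumption: the console is served under this prefix; set it to the deployed path.
PROTECTED_PREFIX = "/jmx-console"
# Methods the description says are access-controlled.
CHECKED_METHODS = {"GET", "POST"}
DENIED = {"401", "403"}

def find_unchecked_method_hits(lines, prefix=PROTECTED_PREFIX):
    """Return parsed records for requests under `prefix` that used a method
    outside GET/POST, carried no authenticated user, and were not refused."""
    prefix = prefix.lower().rstrip("/")
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-HTTP lines
        rec = m.groupdict()
        path = rec["path"].split("?", 1)[0].lower()
        in_scope = path == prefix or path.startswith(prefix + "/")
        if (in_scope and rec["method"].upper() not in CHECKED_METHODS
                and rec["user"] == "-" and rec["status"] not in DENIED):
            hits.append(rec)
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2015:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 401 1200',
    '192.0.2.10 - admin [03/Feb/2015:10:00:09 +0000] "GET /jmx-console/ HTTP/1.1" 200 5310',
    '198.51.100.7 - - [03/Feb/2015:10:02:44 +0000] "HEAD /jmx-console/example?op=x HTTP/1.1" 200 0',
    '198.51.100.7 - - [03/Feb/2015:10:02:50 +0000] "HEAD /status HTTP/1.1" 200 0',
    '203.0.113.5 - - [03/Feb/2015:10:03:00 +0000] "HEAD /jmx-console/ HTTP/1.1" 401 0',
    'garbage line that is not an access-log record',
]

if __name__ == "__main__":
    for hit in find_unchecked_method_hits(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["method"], hit["path"], hit["status"])
```

A hit means the server answered a non-GET/POST request on the protected path without demanding credentials; it does not by itself show that an account was created.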

Solution

Contact the vendor.

See Also

http://www.nessus.org/u?53648d9a

Plugin Details

Severity: Medium

ID: 81917

File Name: hp_ucmdb_server_head_auth_bypass.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 3/18/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-7883

Vulnerability Information

CPE: cpe:/a:hp:universal_configuration_management_database

Required KB Items: installed_sw/HP Universal Configuration Management Database Server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/3/2015

Reference Information

CVE: CVE-2014-7883

BID: 72432