HP Operations Orchestration 10.x Remote Information Disclosure

low Nessus Plugin ID 83348

Synopsis

The remote host is affected by remote information disclosure vulnerability.

Description

The remote host has a version of HP Operations Orchestration installed that is 10.x prior to 10.21.0001. It is, therefore, affected by an information disclosure vulnerability. A remote, authenticated attacker can exploit this, via PowerShell (PS) script operations, to obtain user passwords and other sensitive information.

Solution

Upgrade to HP Operations Orchestration 10.21.0001 or later.

See Also

http://www.nessus.org/u?a6ac93df

Plugin Details

Severity: Low

ID: 83348

File Name: hp_operations_orchestration_hpsbmu03291.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 5/12/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hp:operations_orchestration

Required KB Items: installed_sw/HP Operations Orchestration

Exploit Ease: No known exploits are available

Patch Publication Date: 3/16/2015

Vulnerability Publication Date: 3/16/2015

Reference Information

CVE: CVE-2015-2108

BID: 73320

HP: HPSBMU03291, SSRT101980, emr_na-c04595417