CVE-2014-2610

high

Description

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295

http://zerodayinitiative.com/advisories/ZDI-14-209/

http://www.securitytracker.com/id/1030439

http://www.securityfocus.com/bid/68093

http://secunia.com/advisories/59363

Details

Source: Mitre, NVD

Published: 2014-06-19

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.02337