Vulnerabilities > CVE-2014-2621 - Information Disclosure vulnerability in HP products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Misc. NASL id HP_IMC_70_E0202P03.NASL description The version of HP Intelligent Management Center on the remote host is version 7.x prior to 7.0-E0202P03. It is, therefore, affected by multiple vulnerabilities that could allow a remote attacker to access sensitive information via unspecified vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 76620 published 2014-07-21 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76620 title HP Intelligent Management Center 7.x < 7.0-E0202P03 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76620); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id( "CVE-2014-2618", "CVE-2014-2619", "CVE-2014-2620", "CVE-2014-2621", "CVE-2014-2622" ); script_bugtraq_id(68540, 68543, 68544, 68546, 68547); script_xref(name:"HP", value:"emr_na-c04369484"); script_xref(name:"HP", value:"HPSBHF02913"); script_xref(name:"HP", value:"SSRT101406"); script_xref(name:"HP", value:"SSRT101408"); script_xref(name:"HP", value:"SSRT101409"); script_xref(name:"HP", value:"SSRT101410"); script_xref(name:"HP", value:"SSRT101552"); script_name(english:"HP Intelligent Management Center 7.x < 7.0-E0202P03 Multiple Vulnerabilities"); script_summary(english:"Checks the version of HP Intelligent Management Center."); script_set_attribute(attribute:"synopsis", value: "The version of HP Intelligent Management Center on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of HP Intelligent Management Center on the remote host is version 7.x prior to 7.0-E0202P03. It is, therefore, affected by multiple vulnerabilities that could allow a remote attacker to access sensitive information via unspecified vectors."); # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04369484 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1bc1d445"); script_set_attribute(attribute:"solution", value:"Upgrade to iMC version 7.0-E0202P03 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/21"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies('hp_imc_detect.nbin'); script_require_ports('Services/activemq', 61616); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Figure out which port to use port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE); version = get_kb_item_or_exit('hp/hp_imc/'+port+'/version'); # Only Version 7.0 known to be affected if (version !~ "^7\.0") audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center', port, version); verparts = split(version, sep:"-"); patchver = FALSE; # Versions 7.0 affected before E0202P03, remove letters in patch version (if patched) if (max_index(verparts) > 1) patchver = ereg_replace(string:verparts[1], pattern:"[A-Z]", replace:""); # All versions have the "dash" : i.e. 7.0-E202P03 # if it doesn't have a dash we got a weird version somehow. if (!patchver) audit(AUDIT_UNKNOWN_APP_VER, 'HP Intelligent Management Center'); if (ver_compare(fix:"020203", ver:patchver, strict:FALSE) < 0) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : 7.0-E0202P03' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center', port, version);
NASL family Misc. NASL id HP_IMC_BIMS_70_E0201P02.NASL description The version of the HP Intelligent Management Center Branch Intelligent Management System (BIMS) module on the remote host is version 7.x prior to 7.0-E0201P02 and has multiple vulnerabilities that could allow a remote attacker to access sensitive information via unspecified vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 76621 published 2014-07-21 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76621 title HP Intelligent Management Center Branch Intelligent Management Module 7.x < 7.0-E0201P02 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76621); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id( "CVE-2014-2618", "CVE-2014-2619", "CVE-2014-2620", "CVE-2014-2621", "CVE-2014-2622" ); script_bugtraq_id(68540, 68543, 68544, 68546, 68547); script_xref(name:"HP", value:"emr_na-c04369484"); script_xref(name:"HP", value:"HPSBHF02913"); script_xref(name:"HP", value:"SSRT101406"); script_xref(name:"HP", value:"SSRT101408"); script_xref(name:"HP", value:"SSRT101409"); script_xref(name:"HP", value:"SSRT101410"); script_xref(name:"HP", value:"SSRT101552"); script_name(english:"HP Intelligent Management Center Branch Intelligent Management Module 7.x < 7.0-E0201P02 Multiple Vulnerabilities"); script_summary(english:"Checks the version of HP Intelligent Management Center Branch Intelligent Management."); script_set_attribute(attribute:"synopsis", value: "The version of the HP Branch Intelligent Management System module on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of the HP Intelligent Management Center Branch Intelligent Management System (BIMS) module on the remote host is version 7.x prior to 7.0-E0201P02 and has multiple vulnerabilities that could allow a remote attacker to access sensitive information via unspecified vectors."); # https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1bc1d445"); script_set_attribute(attribute:"solution", value:"Upgrade the iMC BIMs module to version 7.0-E0201P02 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/21"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:imc_branch_intelligent_management_system_software_module"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies('hp_imc_detect.nbin'); script_require_ports('Services/activemq', 61616); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Figure out which port to use port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE); version = get_kb_item_or_exit('hp/hp_imc/' + port + '/components/iMC-BIMS/version'); # Only Version 7.0 known to be affected if (version !~ "^7\.0") audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center Branch Intelligent Management module', port, version); verparts = split(version, sep:"-"); patchver = FALSE; # Versions 7.0 affected before E0201P02, remove letters in patch version (if patched) if (max_index(verparts) > 1) patchver = ereg_replace(string:verparts[1], pattern:"[A-Z]", replace:""); # All versions have the "dash" : i.e. 7.0-E202P03 # if it doesn't have a dash we got a weird version somehow. if (!patchver) audit(AUDIT_UNKNOWN_APP_VER, 'HP Intelligent Management Center Branch Intelligent Management module'); if (ver_compare(fix:"020102", ver:patchver, strict:FALSE) < 0) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : 7.0-E0201P02' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center Branch Intelligent Management module', port, version);