Application Lifecycle Management

DATE	CVE	VULNERABILITY TITLE	RISK
2014-08-12	CVE-2014-2631	Local Privilege Escalation vulnerability in HP Application Lifecycle Management 11.50/12.00 Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. local low complexity hp	4.6
2013-11-04	CVE-2013-4836	Remote Code Execution vulnerability in Application Lifecycle Management Synchronizer Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759. network low complexity hp	7.5
2013-11-04	CVE-2013-4834	Remote Code Execution vulnerability in HP Application Lifecycle Management 11.00 Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. network low complexity hp	7.5
2013-09-16	CVE-2013-4810	Code Injection vulnerability in HP products HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. network low complexity hp CWE-94 critical	10.0
2013-07-29	CVE-2013-4802	Cross-Site Scripting vulnerability in HP Application Lifecycle Management 11.00/11.50 Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565. network hp CWE-79	4.3