CERTA-2011-AVI-427
Vulnerability from certfr_avis - Published: 2011-08-01 - Updated: 2011-08-01
Deux vulnérabilités affectant HP SiteScope ont été corrigées.
Description
Deux vulnérabilités affectant HP SiteScope ont été identifiées :
- des entrées mal controlées peuvent être utilisées par une personne malveillante pour effectuer une injection de code indirecte à distance (XSS) ;
- une erreur dans la gestion des sessions peut être utilisée pour contourner la politique de sécurité (Session fixation).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP SiteScope 10.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP SiteScope 9.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP SiteScope 11.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s affectant HP SiteScope ont \u00e9t\u00e9 identifi\u00e9es :\n\n- des entr\u00e9es mal control\u00e9es peuvent \u00eatre utilis\u00e9es par une personne\n malveillante pour effectuer une injection de code indirecte \u00e0\n distance (XSS) ;\n- une erreur dans la gestion des sessions peut \u00eatre utilis\u00e9e pour\n contourner la politique de s\u00e9curit\u00e9 (Session fixation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2401"
},
{
"name": "CVE-2011-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2400"
}
],
"initial_release_date": "2011-08-01T00:00:00",
"last_revision_date": "2011-08-01T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-427",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-08-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s affectant HP SiteScope ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SiteScope",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c02940969 du 27 juillet 2011",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…