CNVD-2017-33014

Vulnerability from cnvd - Published: 2017-11-07
VLAI
Title
HP UCMDB Foundation Software跨站脚本漏洞
Description
HP UCMDB Foundation Software是能够为用户提供自底向上包括 基础架构的自动发现、数据模型建立、服务映射定义和服务影响分析四部分的功能。 HP UCMDB Foundation Software存在跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。
Severity
Patch Name
HP UCMDB Foundation Software跨站脚本漏洞的补丁
Patch Description
HP UCMDB Foundation Software是能够为用户提供自底向上包括 基础架构的自动发现、数据模型建立、服务映射定义和服务影响分析四部分的功能。 HP UCMDB Foundation Software存在跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://softwaresupport.hpe.com/km/KM02977984

Reference
https://softwaresupport.hpe.com/km/KM02977984
Impacted products
Name
['HP UCMDB Foundation Software 10.33', 'HP UCMDB Foundation Software 10.32', 'HP UCMDB Foundation Software 10.31', 'HP UCMDB Foundation Software 10.30', 'HP UCMDB Foundation Software 10.22', 'HP UCMDB Foundation Software 10.21', 'HP UCMDB Foundation Software 10.20', 'HP UCMDB Foundation Software 10.11', 'HP UCMDB Foundation Software 10.10']
Show details on source website

{
  "bids": {
    "bid": {
      "bidNumber": "101254"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14354"
    }
  },
  "description": "HP UCMDB Foundation Software\u662f\u80fd\u591f\u4e3a\u7528\u6237\u63d0\u4f9b\u81ea\u5e95\u5411\u4e0a\u5305\u62ec \u57fa\u7840\u67b6\u6784\u7684\u81ea\u52a8\u53d1\u73b0\u3001\u6570\u636e\u6a21\u578b\u5efa\u7acb\u3001\u670d\u52a1\u6620\u5c04\u5b9a\u4e49\u548c\u670d\u52a1\u5f71\u54cd\u5206\u6790\u56db\u90e8\u5206\u7684\u529f\u80fd\u3002\r\n\r\nHP UCMDB Foundation Software\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "HP",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://softwaresupport.hpe.com/km/KM02977984",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33014",
  "openTime": "2017-11-07",
  "patchDescription": "HP UCMDB Foundation Software\u662f\u80fd\u591f\u4e3a\u7528\u6237\u63d0\u4f9b\u81ea\u5e95\u5411\u4e0a\u5305\u62ec \u57fa\u7840\u67b6\u6784\u7684\u81ea\u52a8\u53d1\u73b0\u3001\u6570\u636e\u6a21\u578b\u5efa\u7acb\u3001\u670d\u52a1\u6620\u5c04\u5b9a\u4e49\u548c\u670d\u52a1\u5f71\u54cd\u5206\u6790\u56db\u90e8\u5206\u7684\u529f\u80fd\u3002\r\n\r\nHP UCMDB Foundation Software\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP UCMDB Foundation Software\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP UCMDB Foundation Software 10.33",
      "HP UCMDB Foundation Software 10.32",
      "HP UCMDB Foundation Software 10.31",
      "HP UCMDB Foundation Software 10.30",
      "HP UCMDB Foundation Software 10.22",
      "HP UCMDB Foundation Software 10.21",
      "HP UCMDB Foundation Software 10.20",
      "HP UCMDB Foundation Software 10.11",
      "HP UCMDB Foundation Software 10.10"
    ]
  },
  "referenceLink": "https://softwaresupport.hpe.com/km/KM02977984",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-09",
  "title": "HP UCMDB Foundation Software\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…