The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SiteScope

cybersecurity vulnerability CVE-2012-3259 CVE-2012-3260 CVE-2012-3261

HP SiteScope: six vulnerabilities

Synthesis of the vulnerability

An unauthenticated attacker can exploit several vulnerabilities in HP SiteScope to execute privileged code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 29/08/2012.
Identifiers: BID-55269, BID-55273, c03489683, CERTA-2012-AVI-517, CVE-2012-3259, CVE-2012-3260, CVE-2012-3261, CVE-2012-3262, CVE-2012-3263, CVE-2012-3264, HPSBMU02815, SSRT100715, SSRT100717, SSRT100718, SSRT100719, SSRT100720, VIGILANCE-VUL-11903, ZDI-12-173, ZDI-12-174, ZDI-12-175, ZDI-12-176, ZDI-12-177, ZDI-12-178, ZDI-CAN-1461, ZDI-CAN-1463, ZDI-CAN-1464, ZDI-CAN-1465, ZDI-CAN-1472.

Description of the vulnerability

Six vulnerabilities were announced in HP SiteScope.

An unauthenticated attacker can call the SOAP getSiteScopeConfiguration() function, in order to obtain the administrator password. [severity:3/4; ZDI-12-173]

An unauthenticated attacker can use the UploadFilesHandler URL, in order to upload a script to the server. [severity:3/4; BID-55273, ZDI-12-174]

An unauthenticated attacker can call the SOAP create() function, in order to create a new user. [severity:3/4; ZDI-12-175]

An unauthenticated attacker can call the SOAP getFileInternal() function, in order to read the configuration, which contains passwords. [severity:3/4; ZDI-12-176]

An unauthenticated attacker can call the SOAP loadFileContent() function, in order to read configuration files, which contain passwords. [severity:3/4; ZDI-12-177]

An unauthenticated attacker can call the SOAP update() function, in order to change the administrator's password. [severity:3/4; ZDI-12-178]

threat alert 10957

HP SiteScope: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit two vulnerabilities in HP SiteScope to read a file or to create a user.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/08/2011.
Identifiers: BID-49345, VIGILANCE-VUL-10957.

Description of the vulnerability

A user cannot perform administrative actions from the HP SiteScope interface, because they are greyed out. However, a direct query to the servlet can access them. This leads to two vulnerabilities.

An attacker can log in to the integrationViewer account, and use a com.mercury.sitescope.ui.common.bean.tools.LogAnalysisToolBean object, in order to read a file. [severity:2/4]

An attacker can log in to the integrationViewer account, and use a UserInstancePreferences object, in order to create a user. [severity:3/4]

weakness note CVE-2011-2400 CVE-2011-2401

HP SiteScope: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit two vulnerabilities in HP SiteScope to trigger a Cross Site Scripting, or to access a session.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/07/2011.
Identifiers: BID-48913, BID-48916, c02940969, CERTA-2011-AVI-427, CVE-2011-2400, CVE-2011-2401, HPSBMU02692, SSRT100581, VIGILANCE-VUL-10877.

Description of the vulnerability

Two vulnerabilities were announced in HP SiteScope.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the user's web browser. [severity:2/4; BID-48913, CERTA-2011-AVI-427, CVE-2011-2400]

An attacker can force the value of the session variable, in order to access a user's session. [severity:3/4; BID-48916, CVE-2011-2401]

An attacker can therefore exploit two vulnerabilities in HP SiteScope to trigger a Cross Site Scripting, or to access a session.

computer vulnerability announce CVE-2011-1726 CVE-2011-1727

HP SiteScope: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting or inject HTML code in HP SiteScope.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/04/2011.
Identifiers: BID-47554, c02807712, CERTA-2011-AVI-257, CVE-2011-1726, CVE-2011-1727, HPSBMA02667, SSRT100464, VIGILANCE-VUL-10597.

Description of the vulnerability

Two vulnerabilities were announced in HP SiteScope.

An attacker can trigger a Cross Site Scripting. [severity:2/4; CERTA-2011-AVI-257, CVE-2011-1726]

An attacker can inject HTML code. [severity:1/4; CVE-2011-1727]