SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Storage)  >   HPE StoreVirtual Storage Vendors:   HPE
HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1030567
SecurityTracker URL:  http://securitytracker.com/id/1030567
CVE Reference:   CVE-2014-2605, CVE-2014-2606   (Links to External Site)
Date:  Jul 14 2014
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5, 10.0, 10.5, 11.0
Description:   Two vulnerabilities were reported in HP StoreVirtual 4000 Storage and StoreVirtual VSA. A remote authenticated user can gain elevated privileges on the target system. A remote user can obtain potentially sensitive information.

A remote user can obtain potentially sensitive information [CVE-2014-2605].

A remote authenticated user can gain full control of the target system [CVE-2014-2606].

Calum Hutton reported this vulnerabilities.

Impact:   A remote authenticated user can gain full control of the target system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=1emr_na-c04281279-1

Vendor URL:  h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=1emr_na-c04281279-1 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC