Vulnerability Description
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Helion Cloud Development Platform | 1.0 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98636
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98636
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0Vendor Advisory
FAQ
What is CVE-2014-7878?
CVE-2014-7878 is a vulnerability with a CVSS score of 10.0 (HIGH). The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers'...
How severe is CVE-2014-7878?
CVE-2014-7878 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7878?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Helion Cloud Development Platform.