CVE-2015-2802 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-2802?

CVE-2015-2802 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2802?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Asset Manager, Hp Asset Manager Cloudsystem Chargeback, Hp Sitescope, Linux Linux Kernel, Microsoft Windows.

Vulnerability Description

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hp	Asset Manager	9.30
Hp	Asset Manager Cloudsystem Chargeback	9.40
Hp	Sitescope	>= 11.20, <= 11.24
Linux	Linux Kernel	-
Microsoft	Windows	-
Oracle	Solaris	-

Related Weaknesses (CWE)

CWE-200

References

http://marc.info/?l=bugtraq&m=143455780010289&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=143629738517220&w=2Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/75258Third Party AdvisoryVDB Entry
https://packetstormsecurity.com/files/cve/CVE-2015-2802Third Party AdvisoryVDB Entry
https://securitytracker.com/id/1032599Third Party AdvisoryVDB Entry
http://marc.info/?l=bugtraq&m=143455780010289&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=143629738517220&w=2Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/75258Third Party AdvisoryVDB Entry
https://packetstormsecurity.com/files/cve/CVE-2015-2802Third Party AdvisoryVDB Entry
https://securitytracker.com/id/1032599Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-2802?

CVE-2015-2802 is a vulnerability with a CVSS score of 7.5 (HIGH). An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem C...

How severe is CVE-2015-2802?

CVE-2015-2802 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2802?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Asset Manager, Hp Asset Manager Cloudsystem Chargeback, Hp Sitescope, Linux Linux Kernel, Microsoft Windows.