CVE-2014-2609

Published: Jun 19, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

Affected (2)

Products: Hp: Executive Scorecard

1 product

Executive Scorecard

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hp Executive Scorecard	Version 9.40
Hp Executive Scorecard	Version 9.41

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

http://secunia.com/advisories/59363

Source: hp-security-alert@hp.com

http://www.securityfocus.com/bid/68093

Source: hp-security-alert@hp.com

http://www.securitytracker.com/id/1030439

Source: hp-security-alert@hp.com

http://zerodayinitiative.com/advisories/ZDI-14-208/

Source: hp-security-alert@hp.com

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295

Source: hp-security-alert@hp.com

Vendor Advisory

http://secunia.com/advisories/59363