exploitDog

CVE-2015-2903

Опубликовано: 04 нояб. 2015

Источник: nvd

CVSS2: 6.9

EPSS Низкий

Описание

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

Комментарий

CWE-798: Use of Hard-coded Credentials

Ссылки

http://www.kb.cert.org/vuls/id/350508
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034078
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
Vendor Advisory
http://www.kb.cert.org/vuls/id/350508
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034078
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hp:arcsight_smartconnectors:*:*:*:*:*:*:*:*

Версия до 7.1.5 (включая)

EPSS

Процентиль: 87%

0.03214

Низкий

6.9 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-645r-8fm2-2g4q

github

больше 3 лет назад

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

EPSS

Процентиль: 87%

0.03214

Низкий

6.9 Medium

CVSS2

Дефекты

NVD-CWE-Other