CVE-2014-2609
HP Executive Scorecard 9.40-9.41 - Unauthenticated Remote Code Execution via Java Glassfish Admin Console
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
References (5)
Vendor Advisory (vendor-advisory, x_refsource_hp): https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/59363
Third Party Advisory (x_refsource_misc): http://zerodayinitiative.com/advisories/ZDI-14-208/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/68093
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1030439
Scores
EPSS: 0.2505
EPSS Percentile: 96.3%
Details
CWE: CWE-287
Status: published
Products (2): hp/executive_scorecard 9.40, hp/executive_scorecard 9.41
Published: Jun 19, 2014
Tracked Since: Feb 18, 2026