CVE-2014-2612

HP Release Control <9.13-9.21 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2612. PoCs published by Brandon Perry.

AI-analyzed exploit summary This Metasploit module exploits three vulnerabilities in HP Release Control: an information disclosure to retrieve admin ID, a privilege escalation to change the admin password, and an XXE vulnerability to read arbitrary files. It authenticates, escalates privileges, and then uses XXE to exfiltrate file contents.

Description

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.

Exploits (1)

exploitdb WORKING POC
by Brandon Perry · rubywebappswindows
https://www.exploit-db.com/exploits/33434

This Metasploit module exploits three vulnerabilities in HP Release Control: an information disclosure to retrieve admin ID, a privilege escalation to change the admin password, and an XXE vulnerability to read arbitrary files. It authenticates, escalates privileges, and then uses XXE to exfiltrate file contents.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: HP Release Control 9.20.0000
Auth required
Prerequisites: Valid credentials for an authenticated user · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030490
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68244

Scores

EPSS 0.0684
EPSS Percentile 93.2%

Details

Status published
Products (6)
hp/release_control 9.20
hp/release_control 9.21
hp/release_control 9.1
hp/release_control 9.11
hp/release_control 9.12
hp/release_control 9.13
Published Jun 28, 2014
Tracked Since Feb 18, 2026