CVE-2015-2802
HIGHHP Asset Manager 9.30-9.32, 9.40-9.41, 9.50 & Cloudsystem Chargeback 9.40 - Sensitive Info Exposure via RC4
Title source: llmDescription
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/75258
Mailing List, Third Party Advisory x_refsource_confirm
http://marc.info/?l=bugtraq&m=143455780010289&w=2
Mailing List, Third Party Advisory x_refsource_confirm
http://marc.info/?l=bugtraq&m=143629738517220&w=2
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2015-2802
Third Party Advisory, VDB Entry x_refsource_misc
https://securitytracker.com/id/1032599
Scores
CVSS v3
7.5
EPSS
0.0388
EPSS Percentile
88.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (9)
hp/asset_manager
9.30
hp/asset_manager
9.31
hp/asset_manager
9.32
hp/asset_manager
9.40
hp/asset_manager
9.41
hp/asset_manager
9.50
hp/asset_manager_cloudsystem_chargeback
9.40
hp/sitescope
11.30
hp/sitescope
11.20 - 11.24
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026