CVE-2014-7878

{"id": "CVE-2014-7878", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-14T00:59:02.637", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98636", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98636", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection."}, {"lang": "es", "value": "La Application Lifecycle Service (ALS) en HP Cloud Development Platfom 1.0, cuando una m\u00e1quina virtual se deriva de la imagen Nodo Seed, usa la mismas claves de seguridad para las instalaciones de los clientes, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de estas teclas para una conexi\u00f3n."}], "lastModified": "2024-11-21T02:18:11.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:helion_cloud_development_platform:1.0:*:*:*:commercial:*:*:*", "vulnerable": true, "matchCriteriaId": "8FC69560-D4B9-4302-B980-B5D3C10F793C"}, {"criteria": "cpe:2.3:a:hp:helion_cloud_development_platform:1.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "58681785-49AF-4B13-893C-263E31346A5F"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}