CVE-2017-8975

{"id": "CVE-2017-8975", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-02-15T22:29:09.123", "references": [{"url": "http://www.securityfocus.com/bid/102410", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "http://www.securityfocus.com/bid/102410", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found."}, {"lang": "es", "value": "El proveedor de servicios SAML 2.0 de SAP Netweaver AS Java Web Application 7.50 no codifica lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS)."}], "lastModified": "2024-11-21T03:35:06.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:moonshot_provisioning_manager_appliance:1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "681D4DCC-C81B-4BC7-BAF8-B30CBEC33C41"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}