Vigil@nce - HP SiteScope: privilege escalation
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass restrictions of HP SiteScope, in order to
escalate his privileges.
Impacted products: SiteScope
Severity: 2/4
Creation date: 26/05/2015
Revision date: 27/05/2015
DESCRIPTION OF THE VULNERABILITY
The HP SiteScope product is used for software monitoring.
However, a remote authenticated user can read the users.config
file, containing information about users.
An attacker can therefore bypass restrictions of HP SiteScope, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-SiteScope-privilege-escalation-16988