Vulnerability Name:

CVE-2009-4184 (CCN-56035)

Assigned:2009-10-05
Published:2009-10-05
Updated:2017-09-19
Summary:Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.2 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N)
4.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): None
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-4184

Source: CCN
Type: HP Security Bulletin HPSBUX02464 SSRT090210 rev.1
HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized Access

Source: HP
Type: Vendor Advisory
SSRT090210

Source: CCN
Type: SA38423
HP Enterprise Cluster Master Toolkit Unauthorised Access

Source: SECUNIA
Type: Vendor Advisory
38423

Source: CCN
Type: SECTRACK ID: 1023523
HP Serviceguard Enterprise Cluster Master Toolkit Lets Local Users Gain Elevated Privileges

Source: CCN
Type: OSVDB ID: 62070
HP Enterprise Cluster Master Toolkit (ECMT) Database Local Access Restriction Bypass

Source: BID
Type: UNKNOWN
38035

Source: CCN
Type: BID-38035
HP Enterprise Cluster Master Toolkit Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023523

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0272

Source: XF
Type: UNKNOWN
ecmt-unspecified-unauth-access(56035)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12172

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8305

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:enterprise_cluster_master_toolkit:b.05.00:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.11i:v2:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11i:v3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:8305
    V
    		HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized Access
    2015-04-20
    oval:org.mitre.oval:def:12172
    V
    		HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized Access
    2015-04-20
    BACK
    hp enterprise cluster master toolkit b.05.00
    hp hp-ux 11.11i v2
    hp hp-ux 11.11i v3