Vulnerability Name:

CVE-2015-5402 (CCN-106318)

Assigned:2015-08-18
Published:2015-08-18
Updated:2015-08-27
Summary:HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-5402

Source: XF
Type: UNKNOWN
hp-sim-cve20155402-unauth-access(106318)

Source: CCN
Type: HPSBMU03394 rev.1
HP Systems Insight Manager on Linux and Windows, Multiple Vulnerabilities

Source: HP
Type: Vendor Advisory
HPSBMU03394

Source: HP
Type: Vendor Advisory
HPSBMU03409

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:systems_insight_manager:*:*:*:*:*:*:*:* (Version <= 7.4)
  • AND
  • cpe:/a:hp:matrix_operating_environment:*:*:*:*:*:*:*:* (Version <= 7.4)

    • Configuration CCN 1:
  • cpe:/a:hp:systems_insight_manager:7.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp systems insight manager *
    hp matrix operating environment *
    hp systems insight manager 7.0