ID

VAR-201711-0050


CVE

CVE-2017-14359


TITLE

HPE Performance Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-009741

DESCRIPTION

A potential security vulnerability has been identified in HPE Performance Center version 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. HP Performance Center is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 1.89

sources: NVD: CVE-2017-14359 // JVNDB: JVNDB-2017-009741 // BID: 101659

AFFECTED PRODUCTS

vendor: hp, model: performance center, scope: eq, version: 12.20

Trust: 1.9

vendor: hewlett packard, model: hpe performance center, scope: eq, version: 12.20

Trust: 0.8

vendor: hp, model: performance center, scope: ne, version: 12.50

Trust: 0.3

sources: BID: 101659 // JVNDB: JVNDB-2017-009741 // CNNVD: CNNVD-201709-919 // NVD: CVE-2017-14359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14359
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14359
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-919
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2017-14359
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-14359
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-009741 // CNNVD: CNNVD-201709-919 // NVD: CVE-2017-14359

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-009741 // NVD: CVE-2017-14359

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-919

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-919

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009741

PATCH

title: MFSBGN03788, url: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM02996754

Trust: 0.8

sources: JVNDB: JVNDB-2017-009741

EXTERNAL IDS

db: NVD, id: CVE-2017-14359

Trust: 2.7

db: BID, id: 101659

Trust: 1.9

db: JVNDB, id: JVNDB-2017-009741

Trust: 0.8

db: CNNVD, id: CNNVD-201709-919

Trust: 0.6

sources: BID: 101659 // JVNDB: JVNDB-2017-009741 // CNNVD: CNNVD-201709-919 // NVD: CVE-2017-14359

REFERENCES

url:https://softwaresupport.hpe.com/document/-/facetsearch/document/km02996754

Trust: 1.9

url:http://www.securityfocus.com/bid/101659

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14359

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14359

Trust: 0.8

url:http://www.hp.com/

Trust: 0.3

sources: BID: 101659 // JVNDB: JVNDB-2017-009741 // CNNVD: CNNVD-201709-919 // NVD: CVE-2017-14359

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101659

SOURCES

db: BID, id: 101659
db: JVNDB, id: JVNDB-2017-009741
db: CNNVD, id: CNNVD-201709-919
db: NVD, id: CVE-2017-14359

LAST UPDATE DATE

2025-04-20T23:32:48.442000+00:00


SOURCES UPDATE DATE

db: BID, id: 101659, date: 2017-12-19T22:00:00
db: JVNDB, id: JVNDB-2017-009741, date: 2017-11-21T00:00:00
db: CNNVD, id: CNNVD-201709-919, date: 2017-11-07T00:00:00
db: NVD, id: CVE-2017-14359, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: BID, id: 101659, date: 2017-11-02T00:00:00
db: JVNDB, id: JVNDB-2017-009741, date: 2017-11-21T00:00:00
db: CNNVD, id: CNNVD-201709-919, date: 2017-09-21T00:00:00
db: NVD, id: CVE-2017-14359, date: 2017-11-03T18:29:01.247