ID

VAR-201802-0734


CVE

CVE-2017-8953


TITLE

HPE LoadRunner and Performance Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-012576

DESCRIPTION

A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.

Trust: 1.89

sources: NVD: CVE-2017-8953 // JVNDB: JVNDB-2017-012576 // BID: 100338

AFFECTED PRODUCTS

vendor: hp // model: loadrunner // scope: lte // version: 12.53

Trust: 1.0

vendor: hp // model: performance center // scope: lte // version: 12.53

Trust: 1.0

vendor: hp // model: performance center // scope: eq // version: 12.53

Trust: 0.9

vendor: hp // model: loadrunner // scope: eq // version: 12.53

Trust: 0.9

vendor: hewlett packard // model: hpe loadrunner // scope: lte // version: 12.53

Trust: 0.8

vendor: hewlett packard // model: hpe performance center // scope: lte // version: 12.53

Trust: 0.8

vendor: hp // model: performance center // scope: eq // version: 12.50

Trust: 0.3

vendor: hp // model: performance center // scope: eq // version: 12.20

Trust: 0.3

vendor: hp // model: performance center // scope: eq // version: 12.01

Trust: 0.3

vendor: hp // model: performance center // scope: eq // version: 12.00

Trust: 0.3

vendor: hp // model: performance center // scope: eq // version: 12.0

Trust: 0.3

vendor: hp // model: performance center // scope: eq // version: 11.52

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 12.50

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 12.02

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 12.01

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 12.0

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 11.52

Trust: 0.3

vendor: hp // model: loadrunner // scope: eq // version: 11.0

Trust: 0.3

sources: BID: 100338 // JVNDB: JVNDB-2017-012576 // CNNVD: CNNVD-201705-1043 // NVD: CVE-2017-8953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8953
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8953
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-1043
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2017-8953
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-8953
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-012576 // CNNVD: CNNVD-201705-1043 // NVD: CVE-2017-8953

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-012576 // NVD: CVE-2017-8953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1043

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201705-1043

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012576

PATCH

title: HPESBGN03764 // url: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03764en_us

Trust: 0.8

sources: JVNDB: JVNDB-2017-012576

EXTERNAL IDS

db: NVD // id: CVE-2017-8953

Trust: 2.7

db: SECTRACK // id: 1038867

Trust: 1.6

db: SECTRACK // id: 1038868

Trust: 1.6

db: JVNDB // id: JVNDB-2017-012576

Trust: 0.8

db: CNNVD // id: CNNVD-201705-1043

Trust: 0.6

db: BID // id: 100338

Trust: 0.3

sources: BID: 100338 // JVNDB: JVNDB-2017-012576 // CNNVD: CNNVD-201705-1043 // NVD: CVE-2017-8953

REFERENCES

url:http://www.securitytracker.com/id/1038867

Trust: 1.6

url:http://www.securitytracker.com/id/1038868

Trust: 1.6

url:https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03764en_us

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8953

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8953

Trust: 0.8

url:http://www.hp.com/

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03764en_us

Trust: 0.3

sources: BID: 100338 // JVNDB: JVNDB-2017-012576 // CNNVD: CNNVD-201705-1043 // NVD: CVE-2017-8953

CREDITS

gheckoxs

Trust: 0.3

sources: BID: 100338

SOURCES

db: BID // id: 100338
db: JVNDB // id: JVNDB-2017-012576
db: CNNVD // id: CNNVD-201705-1043
db: NVD // id: CVE-2017-8953

LAST UPDATE DATE

2024-11-23T22:26:28.199000+00:00


SOURCES UPDATE DATE

db: BID // id: 100338 // date: 2017-07-17T00:00:00
db: JVNDB // id: JVNDB-2017-012576 // date: 2018-03-23T00:00:00
db: CNNVD // id: CNNVD-201705-1043 // date: 2018-02-24T00:00:00
db: NVD // id: CVE-2017-8953 // date: 2024-11-21T03:35:03.717

SOURCES RELEASE DATE

db: BID // id: 100338 // date: 2017-07-17T00:00:00
db: JVNDB // id: JVNDB-2017-012576 // date: 2018-03-23T00:00:00
db: CNNVD // id: CNNVD-201705-1043 // date: 2017-05-23T00:00:00
db: NVD // id: CVE-2017-8953 // date: 2018-02-15T22:29:08.077