CVE-2008-3538 - Vulnerability Details - OpenCVE

Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Enterprise Discovery
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:hp:enterprise_discovery:2.0:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.0.1:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.0.2:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.0.3:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.0.4:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.1:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.1.1:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.1.2:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.1.3:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.20:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.21:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.22:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.50:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.51:::::::*
	cpe:2.3:a:hp:enterprise_discovery:2.52:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=121985360414288&w=2
http://secunia.com/advisories/31616
http://securitytracker.com/id?1020760
http://www.securityfocus.com/bid/30865
http://www.vupen.com/english/advisories/2008/2446
https://exchange.xforce.ibmcloud.com/vulnerabilities/44709

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-02T14:00:00.000Z

Updated: 2024-08-07T09:45:18.485Z

Reserved: 2008-08-07T00:00:00.000Z

Link: CVE-2008-3538

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-02T14:24:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-3538

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "hp-ed-unspecified-privilege-escalation(44709)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44709"}, {"name": "31616", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31616"}, {"name": "1020760", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020760"}, {"name": "ADV-2008-2446", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2446"}, {"name": "SSRT080106", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "HPSBMA02363", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "30865", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30865"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3538", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "hp-ed-unspecified-privilege-escalation(44709)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44709"}, {"name": "31616", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31616"}, {"name": "1020760", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020760"}, {"name": "ADV-2008-2446", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2446"}, {"name": "SSRT080106", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "HPSBMA02363", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "30865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30865"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:45:18.485Z"}, "title": "CVE Program Container", "references": [{"name": "hp-ed-unspecified-privilege-escalation(44709)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44709"}, {"name": "31616", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31616"}, {"name": "1020760", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1020760"}, {"name": "ADV-2008-2446", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2446"}, {"name": "SSRT080106", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "HPSBMA02363", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"name": "30865", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30865"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3538", "datePublished": "2008-09-02T14:00:00.000Z", "dateReserved": "2008-08-07T00:00:00.000Z", "dateUpdated": "2024-08-07T09:45:18.485Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2840218F-D7A5-4DB2-B2BD-934EE3AFBE01", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70F74F8E-9851-4403-8A19-605D021350CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE6B8544-7455-4024-ABD2-FDFB96AC6B1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B37843F-7655-4796-AECA-55538E63D901", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "827156CF-9366-403B-A884-50B542DCD1F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4C982F-5B41-450D-9094-5181BCEC6041", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5ED12EA8-657F-4A33-BC29-6A5097132EB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BDD8889-909F-48AE-B4AE-17806BF1DAF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D81D977D-0B3D-4A58-9EA0-1C9FCFDFE067", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "60A13D1E-E4E1-408F-9426-86BA4BFA575C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "C35C6824-A6D5-4193-88D7-931A0151D1C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "153CB6BC-98B7-4419-AC3B-D5F3E114BDF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D64A4860-7D43-4B9D-BB63-28C2833AC51C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.51:*:*:*:*:*:*:*", "matchCriteriaId": "AD9450A3-4B90-4087-822E-F618ECD0AF6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:enterprise_discovery:2.52:*:*:*:*:*:*:*", "matchCriteriaId": "269EB34F-3F3F-4327-AEA6-7FE5D4E11B72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Enterprise Discovery de HP versiones 2.0 hasta 2.52 en Windows, permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de vectores desconocidos. NOTA: la descripci\u00f3n inicial de este CVE fue asociada inadvertidamente con libxml2, pero deber\u00eda ser para Enterprise Discovery de HP."}], "id": "CVE-2008-3538", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-02T14:24:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31616"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020760"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30865"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2446"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=121985360414288&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44709"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}