CVE-2017-14354 - Vulnerability Details - OpenCVE

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Ucmdb Foundation Software

Configuration 1 [-]

OR	cpe:2.3:a:hp:ucmdb_foundation_software:10.10:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.11:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.20:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.21:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.22:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.30:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.31:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.32:::::::*
	cpe:2.3:a:hp:ucmdb_foundation_software:10.33:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101254
https://softwaresupport.hpe.com/km/KM02977984
https://www.auscert.org.au/bulletins/53150
https://www.tenable.com/security/research/tra-2017-32

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-10-05T15:00:00

Updated: 2024-08-05T19:27:40.341Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14354

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-10-05T15:29:00.277

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-14354

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:08", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "101254", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101254"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2017-32"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.hpe.com/km/KM02977984"}, {"name": "ESB-2017.2509", "tags": ["third-party-advisory", "x_refsource_AUSCERT"], "url": "https://www.auscert.org.au/bulletins/53150"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2017-14354", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "101254", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101254"}, {"name": "https://www.tenable.com/security/research/tra-2017-32", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-32"}, {"name": "https://softwaresupport.hpe.com/km/KM02977984", "refsource": "CONFIRM", "url": "https://softwaresupport.hpe.com/km/KM02977984"}, {"name": "ESB-2017.2509", "refsource": "AUSCERT", "url": "https://www.auscert.org.au/bulletins/53150"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:40.341Z"}, "title": "CVE Program Container", "references": [{"name": "101254", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101254"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2017-32"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.hpe.com/km/KM02977984"}, {"name": "ESB-2017.2509", "tags": ["third-party-advisory", "x_refsource_AUSCERT", "x_transferred"], "url": "https://www.auscert.org.au/bulletins/53150"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14354", "datePublished": "2017-10-05T15:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-08-05T19:27:40.341Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "D1125157-FC5F-4F07-81A7-D2AD2B7957AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "EF124634-2A30-4B07-A33E-BB4FDBC4E9C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "78860693-A83D-401F-9517-C60D9097AE6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "2717F1C2-8E27-4181-B5C0-6D3932EDBDF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "17CB4F73-6839-4370-A49E-E08D0D604947", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.30:*:*:*:*:*:*:*", "matchCriteriaId": "CBABCE4D-D4D7-46FD-8244-5FD65D61C558", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.31:*:*:*:*:*:*:*", "matchCriteriaId": "7A1718D3-3166-4523-A2FF-4B9D9EF0F589", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.32:*:*:*:*:*:*:*", "matchCriteriaId": "17A7BB86-AB7E-413E-B263-D28A8D978293", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_foundation_software:10.33:*:*:*:*:*:*:*", "matchCriteriaId": "F9CF09FB-4AE6-4780-A08E-41317BD47700", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) remoto en HP UCMDB Foundation Software en sus versiones 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32 y 10.33, que podr\u00edan explotarse de forma remota para permitir que se realicen ataques de Cross-Site Scripting (XSS)."}], "id": "CVE-2017-14354", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-05T15:29:00.277", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/101254"}, {"source": "security@opentext.com", "url": "https://softwaresupport.hpe.com/km/KM02977984"}, {"source": "security@opentext.com", "url": "https://www.auscert.org.au/bulletins/53150"}, {"source": "security@opentext.com", "url": "https://www.tenable.com/security/research/tra-2017-32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/101254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.hpe.com/km/KM02977984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.auscert.org.au/bulletins/53150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2017-32"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}