CVE-2017-14349

critical

Published 2017-09-30 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
hp	sitescope	`11.20`
hp	sitescope	`11.21`
hp	sitescope	`11.22`
hp	sitescope	`11.23`
hp	sitescope	`11.24`
hp	sitescope	`11.24.391`
hp	sitescope	`11.30`
hp	sitescope	`11.30.521`
hp	sitescope	`11.31`
hp	sitescope	`11.32`
hp	sitescope	`11.33`

References

http://www.securityfocus.com/bid/100989
https://softwaresupport.hpe.com/km/KM02948051
https://www.auscert.org.au/bulletins/52758
http://www.securityfocus.com/bid/100989
https://softwaresupport.hpe.com/km/KM02948051
https://www.auscert.org.au/bulletins/52758

CWEs

CWE-269

Verify integrity in audit chain (admin only). AS-IS.