CVE-2017-14354
medium
CVSS v3
6.1
CVSS v4 NEW
โ
VIR risk
6.1
Description
A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.
Predictions
Exploit likelihood
71%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | ucmdb_foundation_software | 10.10 | |
| hp | ucmdb_foundation_software | 10.11 | |
| hp | ucmdb_foundation_software | 10.20 | |
| hp | ucmdb_foundation_software | 10.21 | |
| hp | ucmdb_foundation_software | 10.22 | |
| hp | ucmdb_foundation_software | 10.30 | |
| hp | ucmdb_foundation_software | 10.31 | |
| hp | ucmdb_foundation_software | 10.32 | |
| hp | ucmdb_foundation_software | 10.33 | |
References
- http://www.securityfocus.com/bid/101254
- https://softwaresupport.hpe.com/km/KM02977984
- https://www.auscert.org.au/bulletins/53150
- https://www.tenable.com/security/research/tra-2017-32
- http://www.securityfocus.com/bid/101254
- https://softwaresupport.hpe.com/km/KM02977984
- https://www.auscert.org.au/bulletins/53150
- https://www.tenable.com/security/research/tra-2017-32
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.