CVE-2015-2117

high HPE
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
10.2%
Exploitation probability in 30 days
Top 7% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: April 27, 2015 (4036 days ago)
Last Modified: May 6, 2026
Vendor: HPE
Source: NVD

Description

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.

CWE

CWE-287

Affected Products

hp tippingpoint security management systemhp tippingpoint virtual security management system

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 zerodayinitiative.com 🔗 h20564.www2.hp.com 🔗 www.securityfocus.com