Search criteria
15 vulnerabilities found for vertica by opentext
FKIE_CVE-2024-6360
Vulnerability from fkie_nvd - Published: 2024-10-02 16:15 - Updated: 2025-11-19 13:30
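Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
6.9 (Medium) - CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green (security@opentext.com, Secondary)
Note: the two assessments disagree on attack vector and required privileges (NVD: network, none; vendor: local, high), so neither base score alone should drive prioritisation.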
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.
This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
References
| Source | URL | Tags |
|---|---|---|
| security@opentext.com | https://portal.microfocus.com/s/article/KM000033373?language=en_US | Vendor Advisory |
Impacted products
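| Vendor | Product | Version | Version range |
|---|---|---|---|
| microfocus | vertica | * | from 10.0.0-0 (including) up to 12.0.4-30 (excluding) |
| microfocus | vertica | * | from 23.0.0-0 (including) up to 23.3.0-11 (excluding) |
| microfocus | vertica | * | from 23.4.0-0 (including) up to 23.4.0-13 (excluding) |
| opentext | vertica | * | from 24.1.0-0 (including) up to 24.1.0-8 (excluding) |
| opentext | vertica | * | from 24.2.0-0 (including) up to 24.2.0-4 (excluding) |
| opentext | vertica | 24.3.0-0 | |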
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A97CBA-CE91-4F9F-9A85-6FD7E648E330",
"versionEndExcluding": "12.0.4-30",
"versionStartIncluding": "10.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8474396A-2075-4DC5-A0AD-EE68273DAD9D",
"versionEndExcluding": "23.3.0-11",
"versionStartIncluding": "23.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B94CC9-3617-46F7-843A-129A00BD8D7B",
"versionEndExcluding": "23.4.0-13",
"versionStartIncluding": "23.4.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D740B9B2-4F80-4D55-8B00-73B82CCC1CD1",
"versionEndExcluding": "24.1.0-8",
"versionStartIncluding": "24.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD94CBC-CA6B-469A-8395-C5A833C54DDB",
"versionEndExcluding": "24.2.0-4",
"versionStartIncluding": "24.2.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:24.3.0-0:*:*:*:*:*:*:*",
"matchCriteriaId": "63B12357-FB4A-437D-AAD2-EC5BB7E0D789",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."
},
{
"lang": "es",
"value": "La vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en OpenText\u2122 Vertica podr\u00eda permitir el abuso de privilegios y dar como resultado el acceso no autorizado o los privilegios a la clave API del agente de Vertica. Este problema afecta a Vertica: de la versi\u00f3n 10.0 a la 10.X, de la versi\u00f3n 11.0 a la 11.X, de la versi\u00f3n 12.0 a la 12.X, de la versi\u00f3n 23.0 a la 23.X, de la versi\u00f3n 24.0 a la 24.X."
}
],
"id": "CVE-2024-6360",
"lastModified": "2025-11-19T13:30:31.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2024-10-02T16:15:11.103",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-7248
Vulnerability from fkie_nvd - Published: 2024-03-15 20:15 - Updated: 2024-11-21 08:45
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.
The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences.
This issue impacts the following Vertica Management Console versions:
10.x
11.1.1-24 or lower
12.0.4-18 or lower
Please upgrade to one of the following Vertica Management Console versions:
10.x to upgrade to latest versions from below.
11.1.1-25
12.0.4-19
23.x
24.x
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "056D6A40-95C6-4FEA-91C9-B5C41AE254C4",
"versionEndIncluding": "10.1.1-26",
"versionStartIncluding": "10.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15386AE-A142-4A50-9B64-276C2FC3E959",
"versionEndExcluding": "11.1.1-25",
"versionStartIncluding": "11.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84FC2248-AAC2-4994-BBB3-6705EAB9934B",
"versionEndExcluding": "12.0.4-19",
"versionStartIncluding": "12.0.0-0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"
},
{
"lang": "es",
"value": "Ciertas funciones en la consola de OpenText Vertica Management pueden ser propensas a omitirse mediante solicitudes manipuladas. La vulnerabilidad afectar\u00eda una de las funcionalidades de autenticaci\u00f3n de Vertica al permitir solicitudes y secuencias especialmente manipuladas. Este problema afecta las siguientes versiones de Vertica Management Console: 10.x 11.1.1-24 o anterior 12.0.4-18 o anterior Actualice a una de las siguientes versiones de Vertica Management Console: 10.x para actualizar a las \u00faltimas versiones desde abajo. 11.1.1-25 12.0.4-19 23.x 24.x"
}
],
"id": "CVE-2023-7248",
"lastModified": "2024-11-21T08:45:36.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-15T20:15:07.280",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5802
Vulnerability from fkie_nvd - Published: 2018-02-15 22:29 - Updated: 2025-11-19 13:30
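Severity ?
10.0 (High) - AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H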
Summary
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
References
| Source | URL | Tags |
|---|---|---|
| security-alert@hpe.com | http://www.securityfocus.com/bid/97706 | Third Party Advisory, VDB Entry |
| security-alert@hpe.com | https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97706 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF3D973-762B-4C0E-894A-9606094322F0",
"versionEndExcluding": "6.1.3-20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14C71968-69F3-46D0-858F-18157DCD078E",
"versionEndExcluding": "7.0.2-13",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16664B5C-763F-4B63-883B-9B65900ECC12",
"versionEndExcluding": "7.1.2-21",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "011C4EE6-5AF4-4398-9689-46727F044B79",
"versionEndExcluding": "7.2.3-18",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAE19D1-E374-43AA-992A-EBE4686ADE81",
"versionEndExcluding": "8.0.1-3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53231C57-C6D3-4A28-98A6-6C5AE29B9CB4",
"versionEndExcluding": "8.1.0-1",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de obtenci\u00f3n de acceso privilegiado remoto en HPE Vertica Analytics Platform en versiones v4.1 y posteriores."
}
],
"id": "CVE-2017-5802",
"lastModified": "2025-11-19T13:30:31.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T22:29:06.230",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2002
Vulnerability from fkie_nvd - Published: 2016-04-20 17:59 - Updated: 2025-11-19 13:23
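Severity ?
10.0 (High) - AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H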
Summary
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1F4216-795F-4816-AE72-0B1A069EF4FD",
"versionEndExcluding": "7.0.2.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2060B70F-852D-485F-823D-8FC03AA8EED6",
"versionEndExcluding": "7.1.2-12",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opentext:vertica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A1A9D1-855F-4853-9E43-2A9609E1C18B",
"versionEndExcluding": "7.2.2-1",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417."
},
{
"lang": "es",
"value": "El manejador validateAdminConfig en el Analytics Management Console en HPE Vertica 7.0.x en versiones anteriores a 7.0.2.12, 7.1.x en versiones anteriores a 7.1.2-12 y 7.2.x en versiones anteriores a 7.2.2-1 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro mcPort , tambi\u00e9n conocido como ZDI-CAN-3417."
}
],
"id": "CVE-2016-2002",
"lastModified": "2025-11-19T13:23:10.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-20T17:59:01.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-6867
Vulnerability from fkie_nvd - Published: 2015-11-04 03:59 - Updated: 2025-11-19 13:23
Severity ?
7.5 (High) - AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:vertica:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D18B6631-DB97-47BC-9DE7-12A31192F2F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."
},
{
"lang": "es",
"value": "El proceso vertica-udx-zygote en HP Vertica 7.1.1 UDx no requiere autenticaci\u00f3n, lo que permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocido como ZDI-CAN-2914."
}
],
"id": "CVE-2015-6867",
"lastModified": "2025-11-19T13:23:10.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-04T03:59:11.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/77405"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-6360 (GCVE-0-2024-6360)
Vulnerability from cvelistv5 – Published: 2024-10-02 15:19 – Updated: 2024-10-02 16:30
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.
This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
Severity ?
6.9 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
Credits
Davide Brian Di Campi, TIM Security Red Team Research
Massimiliano Brolli, TIM Security Red Team Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T16:23:57.623653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:24:14.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertica",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "10.x",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.x",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.x",
"status": "affected",
"version": "12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "23.x",
"status": "affected",
"version": "23.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.x",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Davide Brian Di Campi, TIM Security Red Team Research"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli, TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eunauthorized access or privileges to Vertica agent apikey.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.\u003c/p\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:30:37.533Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000033373?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000033373?language=en_US\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText\u2122 Vertica.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-6360",
"datePublished": "2024-10-02T15:19:15.457Z",
"dateReserved": "2024-06-26T20:35:10.510Z",
"dateUpdated": "2024-10-02T16:30:37.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7248 (GCVE-0-2023-7248)
Vulnerability from cvelistv5 – Published: 2024-03-15 19:30 – Updated: 2024-08-02 08:57
Summary
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.
The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences.
This issue impacts the following Vertica Management Console versions:
10.x
11.1.1-24 or lower
12.0.4-18 or lower
Please upgrade to one of the following Vertica Management Console versions:
10.x to upgrade to latest versions from below.
11.1.1-25
12.0.4-19
23.x
24.x
Severity ?
5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Opentext | Vertica Management Console | Affected: 10.x; Affected: 11.x, ≤ 11.1.1-24 (custom); Affected: 12.x, ≤ 12.0.4-18 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThan": "11.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "11.1.1-24",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "12.0.4-18",
"status": "affected",
"version": "12.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:06:10.703241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:48:47.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertica Management Console",
"vendor": "Opentext",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThanOrEqual": "11.1.1-24",
"status": "affected",
"version": "11.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.4-18",
"status": "affected",
"version": "12.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-03-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cstrong\u003eCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003eThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003eThis issue impacts the following Vertica Management Console versions:\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e10.x\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e11.1.1-24 or lower\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e12.0.4-18 or lower\u003c/strong\u003e\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to one of the following Vertica Management Console versions:\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e10.x to upgrade to latest versions from below.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e11.1.1-25\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.4-19\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.x\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.x\u003c/span\u003e\n\n\u003c/strong\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-140",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:30:27.419Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000027542?language=en_US\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText Vertica Management console might be prone to bypass via crafted requests",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-7248",
"datePublished": "2024-03-15T19:30:27.419Z",
"dateReserved": "2024-02-26T17:58:17.863Z",
"dateUpdated": "2024-08-02T08:57:35.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5802 (GCVE-0-2017-5802)
Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 18:08
Summary
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
Severity ?
No CVSS data available.
CWE
- Remote Gain Privileged Access
Assigner
References
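| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97706 | vdb-entry, x_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us | x_refsource_CONFIRM |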
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | Vertica Analytics Platform | Affected: v4.1 and later |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97706",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vertica Analytics Platform",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v4.1 and later"
}
]
}
],
"datePublic": "2017-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Gain Privileged Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "97706",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-04-18T00:00:00",
"ID": "CVE-2017-5802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vertica Analytics Platform",
"version": {
"version_data": [
{
"version_value": "v4.1 and later"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Gain Privileged Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97706"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5802",
"datePublished": "2018-02-15T22:00:00Z",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-09-16T18:08:08.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2002 (GCVE-0-2016-2002)
Vulnerability from cvelistv5 – Published: 2016-04-20 17:00 – Updated: 2024-08-05 23:17
Summary
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
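| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-16-244/ | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303 | x_refsource_CONFIRM |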
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-16-244/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2002",
"datePublished": "2016-04-20T17:00:00",
"dateReserved": "2016-01-22T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6867 (GCVE-0-2015-6867)
Vulnerability from cvelistv5 – Published: 2015-11-04 02:00 – Updated: 2024-08-06 07:36
Summary
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
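| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-535/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/77405 | vdb-entry, x_refsource_BID |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095 | x_refsource_CONFIRM |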
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77405"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6867",
"datePublished": "2015-11-04T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6360 (GCVE-0-2024-6360)
Vulnerability from nvd – Published: 2024-10-02 15:19 – Updated: 2024-10-02 16:30
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.
This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
Credits
Davide Brian Di Campi, TIM Security Red Team Research
Massimiliano Brolli, TIM Security Red Team Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T16:23:57.623653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:24:14.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertica",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "10.x",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.x",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.x",
"status": "affected",
"version": "12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "23.x",
"status": "affected",
"version": "23.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.x",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Davide Brian Di Campi, TIM Security Red Team Research"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli, TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eunauthorized access or privileges to Vertica agent apikey.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.\u003c/p\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:30:37.533Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000033373?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000033373?language=en_US\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText\u2122 Vertica.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-6360",
"datePublished": "2024-10-02T15:19:15.457Z",
"dateReserved": "2024-06-26T20:35:10.510Z",
"dateUpdated": "2024-10-02T16:30:37.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7248 (GCVE-0-2023-7248)
Vulnerability from nvd – Published: 2024-03-15 19:30 – Updated: 2024-08-02 08:57
Summary
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.
The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences.
This issue impacts the following Vertica Management Console versions:
10.x
11.1.1-24 or lower
12.0.4-18 or lower
Please upgrade to one of the following Vertica Management Console versions:
10.x to upgrade to latest versions from below.
11.1.1-25
12.0.4-19
23.x
24.x
Severity ?
5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Opentext | Vertica Management Console | Affected: 10.x; Affected: 11.x, ≤ 11.1.1-24 (custom); Affected: 12.x, ≤ 12.0.4-18 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThan": "11.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "11.1.1-24",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:opentext:vertica_management_console:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vertica_management_console",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "12.0.4-18",
"status": "affected",
"version": "12.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:06:10.703241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:48:47.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertica Management Console",
"vendor": "Opentext",
"versions": [
{
"status": "affected",
"version": "10.x"
},
{
"lessThanOrEqual": "11.1.1-24",
"status": "affected",
"version": "11.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.4-18",
"status": "affected",
"version": "12.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-03-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cstrong\u003eCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003eThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003eThis issue impacts the following Vertica Management Console versions:\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e10.x\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e11.1.1-24 or lower\u003c/strong\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cstrong\u003e12.0.4-18 or lower\u003c/strong\u003e\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to one of the following Vertica Management Console versions:\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e10.x to upgrade to latest versions from below.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e11.1.1-25\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.4-19\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.x\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.x\u003c/span\u003e\n\n\u003c/strong\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "\nCertain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.\u00a0\n\nThe vulnerability would affect one of Vertica\u2019s authentication functionalities by allowing specially crafted requests and sequences. \nThis issue impacts the following Vertica Management Console versions:\n10.x\n11.1.1-24 or lower\n12.0.4-18 or lower\n\nPlease upgrade to one of the following Vertica Management Console versions:\n10.x to upgrade to latest versions from below.\n11.1.1-25\n12.0.4-19\n23.x\n24.x\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-140",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-140 Bypassing of Intermediate Forms in Multiple-Form Sets"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:30:27.419Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027542?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000027542?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000027542?language=en_US\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "\n https://portal.microfocus.com/s/article/KM000027542?language=en_US \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText Vertica Management console might be prone to bypass via crafted requests",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-7248",
"datePublished": "2024-03-15T19:30:27.419Z",
"dateReserved": "2024-02-26T17:58:17.863Z",
"dateUpdated": "2024-08-02T08:57:35.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5802 (GCVE-0-2017-5802)
Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 18:08
Summary
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
Severity ?
No CVSS data available.
CWE
- Remote Gain Privileged Access
Assigner
References
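| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97706 | vdb-entry, x_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us | x_refsource_CONFIRM |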
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise | Vertica Analytics Platform | Affected: v4.1 and later |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97706",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vertica Analytics Platform",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v4.1 and later"
}
]
}
],
"datePublic": "2017-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Gain Privileged Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "97706",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-04-18T00:00:00",
"ID": "CVE-2017-5802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vertica Analytics Platform",
"version": {
"version_data": [
{
"version_value": "v4.1 and later"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Gain Privileged Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97706"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-5802",
"datePublished": "2018-02-15T22:00:00Z",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-09-16T18:08:08.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2002 (GCVE-0-2016-2002)
Vulnerability from nvd – Published: 2016-04-20 17:00 – Updated: 2024-08-05 23:17
Summary
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
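| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-16-244/ | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303 | x_refsource_CONFIRM |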
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-16-244/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-16-244/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2002",
"datePublished": "2016-04-20T17:00:00",
"dateReserved": "2016-01-22T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6867 (GCVE-0-2015-6867)
Vulnerability from nvd – Published: 2015-11-04 02:00 – Updated: 2024-08-06 07:36
Summary
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
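| URL | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-535/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/77405 | vdb-entry, x_refsource_BID |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095 | x_refsource_CONFIRM |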
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"
},
{
"name": "77405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77405"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6867",
"datePublished": "2015-11-04T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}