HIGH🇬🇧 English

CVE-2014-7878

CVSS 10.0v2.0pub. 2014-11-14upd. 2026-05-06

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • HP Helion Cloud Development Platform

    APP
    Hp
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2017-5638CRITICAL9.8⚠ KEVten sam vendor

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect ex...

CVE-2015-3113CRITICAL9.8⚠ KEVten sam vendor

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on ...

CVE-2013-4810CRITICAL9.8⚠ KEVten sam vendor

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application ...

CVE-2012-1823CRITICAL9.8⚠ KEVten sam vendor

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...

CVE-2005-2773CRITICAL9.8⚠ KEVten sam vendor

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via sh...