CVE-2015-7862
published 2015-10-19CVE-2015-7862: Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.51%
71.3th percentile
Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accelerite | radia_client_automation | — | — |
| accelerite | radia_client_automation | — | — |
| accelerite | radia_client_automation | — | — |
| accelerite | radia_client_automation | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation
suricata·2015-01-05·CVSS 9.8
CVE-2014-7862 [CRITICAL] ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation
ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ManageEngine Desktop Central Administrator Account Creation"; flow:established,to_server; http.uri; content:"/servlets/DCPluginServelet?"; nocase; content:"action=addPlugInUser"; nocase; content:"role="; nocase; content:"userName="; nocase; content:"email="; nocase; content:"password="; nocase; content:"salt="; nocase; reference:cve,CVE-2014-7862; reference:url,seclists.org/fulldisclosure/2015/Jan/2; classtype:trojan-activity; sid:2020092; rev:3; metadata:created_at 2015_01_05, signature_severity Major, updated_at 2020_05_14;)
No writeups or analysis indexed.
http://www.securitytracker.com/id/1033862https://support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-featureshttp://www.securitytracker.com/id/1033862https://support.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
2015-10-19
Published