CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

Published: Feb 4, 2020
Updated: Apr 13, 2023
CVE: CVE-2015-2802
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
hp / asset_manager	9.41	9.41.x
hp / asset_manager	9.50	9.50.x
hp / asset_manager_cloudsystem_chargeback	9.40	9.40.x
hp / asset_manager	9.40	9.40.x
hp / asset_manager	9.30	9.30.x
hp / asset_manager	9.31	9.31.x
hp / asset_manager	9.32	9.32.x
hp / sitescope	11.20	11.24.x
hp / sitescope	11.30	11.30.x

http://marc.info/?l=bugtraq&m=143455780010289&w=2
http://marc.info/?l=bugtraq&m=143629738517220&w=2
http://www.securityfocus.com/bid/75258
https://packetstormsecurity.com/files/cve/CVE-2015-2802
https://securitytracker.com/id/1032599

Vulnerability Database

289,599

CVE-2015-2802