HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication.
HPE's SiteScope contains several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be impacted. CERT/CC has not received further information on affected versions from HPE.
CWE-306: Missing Authentication for Critical Function - CVE-2017-8952
An unauthenticated, remote attacker may be able to access arbitrary files from the system running SiteScope, or obtain credentials to SiteScope.
Apply an update
Thanks to Richard Kelley for reporting this vulnerability.
This document was written by Garret Wassermann.