CVE-2009-3097

Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://intevydis.com/vd-list.shtml	Broken Link
http://secunia.com/advisories/36520	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:performance_insight:5.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-08 18:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-3097

Mitre link : CVE-2009-3097

CVE.ORG link : CVE-2009-3097

JSON object : View

Products Affected

microsoft

windows

hp

performance_insight

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2009-3097", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-08T18:30:00.733", "references": [{"url": "http://intevydis.com/vd-list.shtml", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36520", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en HP Performance Insight v5.3 sobre Windows, permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, como se ha demostrado mediante determinados m\u00f3dulos en VulnDisco Pack Professional v8.11. NOTA: hasta el 03/09/2009 la vulnerabilidad no tiene ninguna informaci\u00f3n para ponerla en pr\u00e1ctica. Sin embargo, como el autor de VulnDisco Pack es un investigador fiable, el problema ha sido asignado a un CVE para su seguimiento."}], "lastModified": "2020-07-28T12:49:09.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:performance_insight:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65B29A22-B34C-4A34-A67B-E1E51E0545A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}