Description: | | A default credential vulnerability has been reported in HP SiteScope. On a fresh installation of SiteScope, the administrator account is accessible without a password and there is a user account called integrationViewer with a default password. A remote attacker can exploit these default credentials to access the SiteScope web interface. Once authenticated, the attacker can exploit additional policy-bypass and directory-traversal vulnerabilities. Through specially crafted requests, they allow the attacker to perform administrative tasks when authenticated as a non-administrative user and to read contents of arbitrary files. |