Hillstone Networks

RULE（RULE ID：333180）

Rule General Information


Release Date:		2021-03-26

Rule Name:		HP SiteScope loadFileContent SOAP Request Information Disclosure Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		An information disclosure vulnerability exists in HP SiteScope. The vulnerability is due to an access control weakness resulting in the disclosure of file contents on the target system via several SOAP requests. An unauthenticated remote attacker can exploit this vulnerability by sending malicious SOAP requests to the target server to view the contents of an arbitrary file. A successful exploitation attempt could result in the disclosure of information of any file on the target system, which can be used by a future attack.

Impact:		An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.