漏洞标题
N/A
漏洞描述信息
"Web/admin/data.js 在HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 的性能和中心虚拟表服务器(VTS)组件中,11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 1 中没有限制将文件路径发送到解链接调用中的文件路径,这允许远程攻击者通过数据/import_csv(ZDI-CAN-3555)路径参数删除任意文件。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
HPE LoadRunner和Performance Center 安全漏洞
漏洞描述信息
HPE LoadRunner和Performance Center都是美国惠普企业(Hewlett Packard Enterprise,HPE)公司的性能负载测试软件。 HPE LoadRunner和Performance Center中存在安全漏洞。远程攻击者可利用该漏洞修改数据,或造成拒绝服务。以下产品及版本受到影响:HPE LoadRunner 11.52 patch 3版本,12.00 patch 1版本,12.01 patch 3版本,12.02 patch 2版本,12.50 patch 3
CVSS信息
N/A
漏洞类别
授权问题