https://www.tenable.com/security/research/tra-2016-17 [No Types Assigned]

http://www.tenable.com/security/research/tra-2016-17 [Third Party Advisory]

http://www.securityfocus.com/bid/90975 [No Types Assigned]

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

Configuration 1
     OR
          *cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
          *cpe:2.3:a

Configuration 1
     OR
          *cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:1

https://h20565.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

https://h20565.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

Configuration 1
     OR
          *cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:1

Configuration 1
     OR
          *cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.01:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.00:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:11.52:p3:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
          *cpe:2.3:a

http://www.securitytracker.com/id/1036006 No Types Assigned

http://www.securitytracker.com/id/1036006 Third Party Advisory, VDB Entry

http://www.tenable.com/security/research/tra-2016-17 No Types Assigned

http://www.tenable.com/security/research/tra-2016-17 Third Party Advisory

http://www.zerodayinitiative.com/advisories/ZDI-16-364 No Types Assigned

http://www.zerodayinitiative.com/advisories/ZDI-16-364 Third Party Advisory, VDB Entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423 No Types Assigned

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423 Mitigation, Vendor Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

web/admin/data.js en el componente Performance Center Virtual Table Server (VTS) en HPE LoadRunner 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.02 hasta el parche 2 y 12.50 hasta el parche 3 y Performance Center 11.52 hasta el parche 3, 12.00 hasta el parche 1, 12.01 hasta el parche 3, 12.20 hasta el parche 2 y 12.50 hasta el parche 1 no restringe rutas de archivo enviadas a un llamada desvinculada, lo que permite a atacantes remotos borrar archivos arbitrarios a

La funcionalidad import_csv en HPE LoadRunner 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.02 hasta la versión patch 2 y 12.50 hasta la versión patch 3 y Performance Center 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.20 hasta la versión patch 2 y 12.50 hasta la versión patch 1 no restringe las rutas de archivo enviadas a una llamada unlink, lo que permite a atacantes remotos borrar archiv

The import_csv functionality in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via unspecified vectors, aka ZDI-CAN-3555.

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/impo

http://www.tenable.com/security/research/tra-2016-17

La funcionalidad import_csv en HPE LoadRunner 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.02 hasta la versión patch 2 y 12.50 hasta la versión patch 3 y Performance Center 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.20 hasta la versión patch 2 y 12.50 hasta la versión patch 1 no restringe las rutas de archivo enviadas a una llamada unlink, lo que permite a atacantes remotos borrar archiv

HPE LoadRunner 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.02 hasta la versión patch 2 y 12.50 hasta la versión patch 3 y Performance Center 11.52 hasta la versión patch 3, 12.00 hasta la versión patch 1, 12.01 hasta la versión patch 3, 12.20 hasta la versión patch 2 y 12.50 hasta la versión patch 1 permiten a atacantes remotos modificar datos o provocar una denegación de servicio a través de vectores no especificados, también conocido como 

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to modify data or cause a denial of service via unspecified vectors, aka ZDI-CAN-3555.

The import_csv functionality in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via unspecified vectors, aka ZDI-CAN-3555.

http://www.securitytracker.com/id/1036006

http://www.zerodayinitiative.com/advisories/ZDI-16-364

Configuration 1
     OR
          *cpe:2.3:a:hp:loadrunner:12.50:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.02:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.01:p3:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:12.00:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:loadrunner:11.52:p3:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:performance_center:12.50:p1:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:12.20:p2:*:*:*:*:*:*
          *cpe:2.3:a:hp:performance_center:1

(AV:N/AC:L/Au:N/C:N/I:P/A:P)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

NVD-CWE-noinfo

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423 No Types Assigned

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423 Advisory