CVE-2015-2120
Description
HP SiteScope 11.1x-11.3x before specific patches allows authenticated remote attackers to escalate privileges via the Log Analysis Tool reading users.config.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
HP SiteScope versions 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 contain an unspecified privilege escalation vulnerability in the Log Analysis Tool. The tool fails to validate or restrict the log path, allowing a remote authenticated user to read arbitrary files, including the users.config file [1].
Exploitation
An attacker must have valid authentication credentials for SiteScope and network access. Using the Log Analysis Tool, the attacker can set the log path to point to users.config and then read its contents. This allows retrieval of stored credentials or tokens that can be used to escalate privileges [1].
Impact
Successful exploitation enables the attacker to escalate from a regular user to the administrator role, gaining full control over SiteScope. This results in complete compromise of confidentiality, integrity, and availability of the affected system [1].
Mitigation
HP has released updates to address this vulnerability: upgrade to SiteScope 11.13, 11.24.391, or 11.30.521 for the 11.1x, 11.2x, and 11.3x branches respectively. No workaround has been provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
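To check an inventory against the fixed releases above, the following added example (not HP's or this page's code) classifies SiteScope version strings by branch. It assumes versions are dotted numeric strings with two or three fields; the host names and sample versions are constructed.

```python
"""Added example: flag SiteScope versions that fall in the ranges this page lists."""

# Fixed release per branch, taken from the page:
# 11.1x -> 11.13, 11.2x -> 11.24.391, 11.3x -> 11.30.521.
FIXED = {1: (11, 13, 0), 2: (11, 24, 391), 3: (11, 30, 521)}


def parse_version(text):
    """Turn '11.24.100' into (11, 24, 100), padded to three numeric fields."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(text):
    """True/False inside 11.1x-11.3x; None when the page does not cover the branch."""
    version = parse_version(text)
    major, minor = version[0], version[1]
    if major != 11 or minor // 10 not in FIXED:
        return None
    # Affected when strictly below the fixed release of the same branch.
    return version < FIXED[minor // 10]


def triage(inventory):
    """Map host -> 'affected' / 'fixed' / 'out of scope' / 'unparseable'."""
    labels = {True: "affected", False: "fixed", None: "out of scope"}
    result = {}
    for host, text in inventory.items():
        try:
            result[host] = labels[is_affected(text)]
        except ValueError:
            # Keep unknown values visible instead of silently treating them as safe.
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample values.
    sample = {"mon-a": "11.12", "mon-b": "11.24.391", "mon-c": "11.30.100",
              "mon-d": "11.40", "mon-e": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparseable" or "out of scope" need a manual check, since the page gives no information about them.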
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:hp:sitescope:11.13:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sitescope:11.24.391:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sitescope:11.30.521:*:*:*:*:*:*:*
- (no CPE) range: <11.13, <11.24.391, <11.30.521
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.