CVE-2015-6867 - Vulnerability Details - OpenCVE

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opentext	Vertica

Configuration 1 [-]

cpe:2.3:a:opentext:vertica:7.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/77405
http://www.zerodayinitiative.com/advisories/ZDI-15-535/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095

History

Wed, 19 Nov 2025 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opentext Opentext vertica
CPEs	cpe:2.3:a:hp:vertica:7.1.1:::::::*	cpe:2.3:a:opentext:vertica:7.1.1:::::::*
Vendors & Products	Hp Hp vertica	Opentext Opentext vertica

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-04T02:00:00

Updated: 2024-08-06T07:36:34.421Z

Reserved: 2015-09-10T00:00:00

Link: CVE-2015-6867

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-11-04T03:59:11.483

Modified: 2025-11-19T13:23:10.650

Link: CVE-2015-6867

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-28T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"}, {"name": "77405", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77405"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2015-6867", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"}, {"name": "77405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77405"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:36:34.421Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"}, {"name": "77405", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77405"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6867", "datePublished": "2015-11-04T02:00:00", "dateReserved": "2015-09-10T00:00:00", "dateUpdated": "2024-08-06T07:36:34.421Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:vertica:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D18B6631-DB97-47BC-9DE7-12A31192F2F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914."}, {"lang": "es", "value": "El proceso vertica-udx-zygote en HP Vertica 7.1.1 UDx no requiere autenticaci\u00f3n, lo que permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocido como ZDI-CAN-2914."}], "id": "CVE-2015-6867", "lastModified": "2025-11-19T13:23:10.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-04T03:59:11.483", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/77405"}, {"source": "[email protected]", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-535/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}