HP OpenView Performance Insight Bugs Let Remote Authenticated Users Execute Arbitrary Code and Remote Users Gain Access - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > HP OpenView

Vendors: HP (Compaq)

HP OpenView Performance Insight Bugs Let Remote Authenticated Users Execute Arbitrary Code and Remote Users Gain Access

SecurityTracker Alert ID: 1025892

SecurityTracker URL: http://securitytracker.com/id/1025892

CVE Reference: CVE-2011-2406, CVE-2011-2407, CVE-2011-2410 (Links to External Site)

Updated: Aug 13 2011

Original Entry Date: Aug 9 2011

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): Performance Insight v5.3, v5.31, v5.4, v5.41, v5.41.001, v5.41.002

Description: Several vulnerabilities were reported in HP OpenView Performance Insight. A remote authenticated user can execute arbitrary code on the target system. A remote user can gain access to the target system. A remote user can conduct cross-site scripting attacks.

A remote authenticated user can inject HTML to execute arbitrary code on the target system [CVE-2011-2406].

A remote user can gain partial access to the target system [CVE-2011-2407].

A remote user can conduct cross-site scripting attacks [CVE-2011-2410].

Tenable Network Security reported the cross-site scripting vulnerability.

Impact: A remote authenticated user can execute arbitrary code on the target system.

A remote user can gain access to the target system.

A remote user can conduct cross-site scripting attacks.

Solution: The vendor has issued a hotfix (5.41.002 piweb HF07) for Performance Insight v5.41.002.

The vendor's advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411

Vendor URL: h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411 (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Red Hat Enterprise), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Tue, 09 Aug 2011 17:26:59 +0000
Subject: HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access


http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411

CVE-2011-2406 (execute arbitrary code), CVE-2011-2407 (unauthorized access)

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC