HP Systems Insight Manager Multiple Flaws Let Remote Users Gain Access and Local Users Obtain Information - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > HP Systems Insight Manager

Vendors: HP (Compaq)

HP Systems Insight Manager Multiple Flaws Let Remote Users Gain Access and Local Users Obtain Information

SecurityTracker Alert ID: 1026987

SecurityTracker URL: http://securitytracker.com/id/1026987

CVE Reference: CVE-2012-1994, CVE-2012-1995, CVE-2012-1996, CVE-2012-1997, CVE-2012-1998, CVE-2012-1999 (Links to External Site)

Date: Apr 30 2012

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 7.0

Description: Several vulnerabilities were reported in HP Systems Insight Manager. A remote user can gain elevated privileges on the target system. A remote authenticated user can gain full control of the target system. A remote user can conduct cross-site request forgery and URL redirection attacks. A local user can obtain potentially sensitive information.

A remote user on the adjacent network can access information on the target system [CVE-2012-1994].

A local user can obtain potentially sensitive information [CVE-2012-1995].

A remote user can conduct cross-site request forgery attacks to take actions on the site acting as the target user [CVE-2012-1996].

A remote user can gain privileges on the target system [CVE-2012-1997].

A remote user can conduct URL redirection attacks [CVE-2012-1998].

A remote authenticated user can gain full control of the target system [CVE-2012-1999].

Impact: A remote user can gain privileges on the target system.

A remote authenticated user can gain full control of the target system.

A local user can obtain potentially sensitive information.

A remote user can take actions on the target site acting as the target user.

A remote user can cause the target user's browser to be redirected to a different URL.

Solution: The vendor has issued a fix (7.0).

The vendor's advisory is available at:

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03298151

Vendor URL: h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03298151 (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), UNIX (HP/UX), Windows (Any)

Message History: None.

Source Message Contents

Date: Mon, 30 Apr 2012 17:44:40 +0000
Subject: HPSBMU02769 SSRT100846 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities


http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03298151

CVE-2012-1994 (unauthorized access), CVE-2012-1995 ( information disclosure), 
CVE-2012-1996 (CSRF), CVE-2012-1997 (privilege elevation), CVE-2012-1998 (URL 
redirection), CVE-2012-1999 (authentication bypass), SSRT100093, SSRT090028, 
SSRT100110, SSRT100373, SSRT100426, SSRT100514, SSRT100562, SSRT100639, SSRT100702, 
SSRT100819

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC