James Fisher

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 6.2 through 7.50 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `node` parameter to several API endpoints, including "connectedNodes.ovpl", "cdpView.ovpl", "freeIPaddrs.ovpl", and "ecscmg.ovpl". **Recommendations** For HP OpenView Network Node Manager versions 6.2 through 7.50, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using shell metacharacters in the `node` parameter for the affected API endpoints. Restrict access to the affected .ovpl files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.