PT-2011-1228 · Hewlett Packard+1 · Hp Application Lifecycle Management+1

Published 2011-12-14 · Updated 2018-12-11 · CVE-2011-4834

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP Application Lifecycle Management (ALM) 11

Description

The issue is in the GetInstalledPackages function of the configuration tool, which lacks proper privilege control and access management mechanisms. This can allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. The vulnerability can be exploited by local users through specific methods, including a Trojan horse /tmp/tmp.txt FIFO or a symlink attack on /tmp/tmp.txt.

Recommendations

For HP Application Lifecycle Management (ALM) 11, consider restricting access to the GetInstalledPackages function until a patch is available. As a temporary workaround, avoid using the /tmp/tmp.txt file in the configuration tool to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2018-2754
ALT-PU-2018-2755
ALT-PU-2018-2814
BDU:2020-02951
CVE-2011-4834

Affected Products

Alt Linux
Hp Application Lifecycle Management