PT-2012-4102 · Red Hat+1 · JBoss Application Server+1

David Elze · Published 2012-05-21 · Updated 2013-05-25 · CVE-2012-2561

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP Business Service Management (BSM) version 9.12

Description

The issue allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component. This is achieved by uploading crafted .war files due to improper restrictions. The attack can be performed via a crafted request to TCP port 1098, 1099, or 4444.

Recommendations

For HP Business Service Management (BSM) version 9.12, restrict the uploading of .war files to prevent remote attackers from executing arbitrary JSP code. As a temporary workaround, consider restricting access to TCP ports 1098, 1099, and 4444 to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

CVE-2012-2561

Affected products

HP Business Service Management
JBoss Application Server