CVE-2009-3999

Name of the Vulnerable Software and Affected Versions HP Power Manager versions prior to 4.2.10

Description A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code. This is achieved by providing a long fileName parameter in the goform/formExportDataLogs endpoint.

Recommendations For versions prior to 4.2.10, update to version 4.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the goform/formExportDataLogs endpoint to minimize the risk of exploitation. Avoid using long fileName parameters in this endpoint until the issue is resolved.