CVE-2009-4000

Name of the Vulnerable Software and Affected Versions HP Power Manager versions prior to 4.2.10

Description A directory traversal issue exists in the goform/formExportDataLogs component, allowing remote attackers to overwrite arbitrary files and execute arbitrary code by using directory traversal sequences in the fileName parameter.

Recommendations For versions prior to 4.2.10, update to version 4.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the goform/formExportDataLogs component to minimize the risk of exploitation. Avoid using the fileName parameter in the affected component until the issue is resolved.