PT-2011-2250 · Hewlett Packard · HP OpenView Performance Insight Server

Stephen Fewer · Published 2011-01-31 · Updated 2018-10-10 · CVE-2011-0276

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP OpenView Performance Insight Server versions 5.2 through 5.41

Description

The issue concerns a hidden account in the com.trinagy.security.XMLUserManager Java class, allowing remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Recommendations

For HP OpenView Performance Insight Server versions 5.2 through 5.41, consider disabling the com.trinagy.servlet.HelpManagerServlet class until a patch is available to prevent exploitation of the hidden account. Restrict access to the com.trinagy.security.XMLUserManager Java class to minimize the risk of arbitrary code execution.

Exploit

Fix

Related Identifiers

CVE-2011-0276
ZDI-11-034

Affected Products

HP OpenView Performance Insight Server