Directory Traversal Vulnerability in HP Power Manager
CVE-2009-4000

Currently unrated

Key Information:

Vendor: HP
Status: Power Manager
Vendor: CVE Published:; 20 January 2010

Summary

A directory traversal vulnerability exists in HP Power Manager prior to version 4.2.10, allowing remote attackers to exploit the 'goform/formExportDataLogs' functionality. By manipulating the 'fileName' parameter, attackers can overwrite arbitrary files on the server and potentially execute arbitrary code, compromising system integrity and security.

References

http://secunia.com/advisories/37280

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/secunia_research/2009-48/

x_refsource_MISC

http://marc.info/?l=bugtraq&m=126393370331959&w=2

vendor-advisoryx_refsource_HP

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 20, 2010