Remote Code Execution Vulnerability in HP Operations Dashboard
CVE-2009-4188

Currently unrated

Key Information:

Vendor: HP
CVE Published: 3 December 2009

Summary

HP Operations Dashboard has a default password of 'j2deployer' for the j2deployer account. This allows remote attackers to use the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. A successful attack can result in arbitrary code execution within the affected environment. Users are advised to change the default password and regularly review access privileges to mitigate potential threats.
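One way to check a deployment for this condition, as an added example that is not from HP or the CVE record: the script audits a Tomcat user file for accounts that hold a manager role with the default or an otherwise guessable password. It assumes the account is defined in Tomcat's standard `tomcat-users.xml` format with cleartext passwords; the sample file and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Tomcat's tomcat-users.xml layout (not taken from an HP install).
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <user username="j2deployer" password="j2deployer" roles="manager"/>
  <user username="ops" password="ops" roles="monitor"/>
  <user username="deploy" password="x9!Lq0-constructed" roles="manager-script,monitor"/>
</tomcat-users>"""

KNOWN_DEFAULTS = {"j2deployer": "j2deployer"}  # the pair named in CVE-2009-4188


def is_manager_role(role):
    # "manager" is the role on the page; "manager-*" covers the split roles of newer Tomcat.
    return role == "manager" or role.startswith("manager-")


def audit_tomcat_users(xml_text):
    """Return one finding per account that holds a manager role with a guessable password."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Newer files declare an XML namespace, so compare the local tag name only.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Older Tomcat files use name=, newer ones username=.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        roles = [r.strip() for r in (elem.get("roles") or "").split(",")]
        mgr = sorted(r for r in roles if r and is_manager_role(r))
        if not mgr:
            continue  # account cannot reach the /manager servlet
        if KNOWN_DEFAULTS.get(name) == password:
            reason = "vendor default credential"
        elif not password:
            reason = "empty password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        else:
            continue
        findings.append({"user": name, "roles": mgr, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE):
        print(f"{f['user']}: {f['reason']} (roles: {', '.join(f['roles'])})")
```

If the realm stores digested passwords, the `password` attribute holds a hash and the comparison has to be made against the digest of the default value instead.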

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
