Remote Code Execution Vulnerability in HP Operations Dashboard
CVE-2009-4188

Currently unrated

Key Information:

Vendor: HP
Status: Operations Dashboard
Vendor: CVE Published:; 3 December 2009

What is CVE-2009-4188?

HP Operations Dashboard suffers from a security vulnerability due to its default password for the j2deployer account, which is set to 'j2deployer'. This configuration allows remote attackers to exploit the system through the manager role, leading to unrestricted file upload attacks targeted at the /manager servlet in the Tomcat servlet container. If successfully executed, these attacks could allow for arbitrary code execution within the affected environment. Users are advised to change the default password and regularly review access privileges to mitigate potential threats.

References

http://www.securityfocus.com/bid/36258

vdb-entryx_refsource_BID

http://www.intevydis.com/blog/?p=87

x_refsource_MISC

EPSS Score

85% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 3, 2009