CVE-2009-4189

Currently unrated

Key Information:

Vendor: HP
Status: Operations Manager
Vendor: CVE Published:; 3 December 2009

Summary

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.

References

http://www.intevydis.com/blog/?p=87

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 3, 2009