Remote Code Execution Vulnerability in HP Operations Manager
CVE-2009-4189

Currently unrated

Key Information:

Vendor: HP
Status: Operations Manager
Vendor: CVE Published:; 3 December 2009

What is CVE-2009-4189?

HP Operations Manager contains a security flaw due to the default password of OvW*busr1 for the 'ovwebusr' account. This weakness permits remote attackers to exploit the manager role to conduct unrestricted file uploads, leading to arbitrary code execution through the /manager servlet in the Tomcat servlet container. This vulnerability poses significant security risks as it could be leveraged to compromise the system directly.

References

http://www.intevydis.com/blog/?p=87

x_refsource_MISC

EPSS Score

83% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 3, 2009