Remote Code Execution Vulnerability in Hewlett-Packard OpenView Performance Insight
CVE-2010-0447

Currently unrated

Key Information:

Vendor: HP
Status: Openview Performance Insight
Vendor: CVE Published:; 10 March 2010

Summary

The helpmanager servlet in HP OpenView Performance Insight versions 5.4 and earlier lacks proper authentication and request validation. This security flaw allows remote attackers to exploit the server by uploading a malicious JSP document, leading to potential arbitrary command execution. Organizations using vulnerable versions should implement security measures to mitigate the risks posed by this vulnerability. It is crucial to monitor and secure web server applications to prevent unauthorized access and ensure system integrity.

References

http://www.securityfocus.com/archive/1/509984/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/38899

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/38611

vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 10, 2010
Vulnerability Reserved
Jan 27, 2010