Command Injection Vulnerability in HP OpenView Network Node Manager
CVE-2011-0271

Currently unrated

Key Information:

Vendor: HP
Status: Openview Network Node Manager
Vendor: CVE Published:; 13 January 2011

Summary

The CGI scripts in HP OpenView Network Node Manager versions 7.51 and 7.53 lack proper validation for a specific parameter, enabling remote attackers to execute arbitrary commands. This vulnerability arises when an attacker provides a crafted command string as the value of this parameter, potentially compromising the integrity and security of the affected system.

References

http://www.securityfocus.com/archive/1/515628

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2011/0085

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/515628

vendor-advisoryx_refsource_HP

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 13, 2011
Vulnerability Reserved
Dec 23, 2010