Code Execution Vulnerability in HP OpenView Performance Insight Server
CVE-2011-0276

Currently unrated

Key Information:

Vendor: HP
Status: Openview Performance Insight
Vendor: CVE Published:; 2 February 2011

What is CVE-2011-0276?

The HP OpenView Performance Insight Server contains a security flaw due to a hidden account in the com.trinagy.security.XMLUserManager Java class. This vulnerability enables remote attackers to execute arbitrary code through the doPost method in the com.trinagy.servlet.HelpManagerServlet class, leading to potential compromise of the server. Organizations using affected versions should prioritize patching to mitigate risks associated with unauthorized access and system control.

References

http://osvdb.org/70754

vdb-entryx_refsource_OSVDB

http://www.zerodayinitiative.com/advisories/ZDI-11-034

x_refsource_MISC

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

EPSS Score

85% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2011
Vulnerability Reserved
Dec 23, 2010