CVE-2011-0276

Currently unrated

Key Information:

Vendor: HP
Status: Openview Performance Insight
Vendor: CVE Published:; 2 February 2011

Summary

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

References

http://osvdb.org/70754

vdb-entryx_refsource_OSVDB

http://www.zerodayinitiative.com/advisories/ZDI-11-034

x_refsource_MISC

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 2, 2011
Vulnerability Reserved
Dec 23, 2010