SQL Injection Vulnerability in HP Performance Insight for Networks
CVE-2012-2007

Currently unrated

Key Information:

Vendor: HP
Status: Performance Insight
Vendor: CVE Published:; 9 May 2012

What is CVE-2012-2007?

An SQL injection vulnerability exists in HP Performance Insight for Networks versions 5.3.x, 5.41, 5.41.001, and 5.41.002. This flaw allows remote attackers to exploit unspecified vectors, enabling the execution of arbitrary SQL commands, which could potentially compromise the entire database and expose sensitive information.

References

http://secunia.com/advisories/49079

third-party-advisoryx_refsource_SECUNIA

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id?1027031

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2012
Vulnerability Reserved
Apr 2, 2012