Security Flaw in HP Business Service Management Allows Remote Code Execution
CVE-2012-2561

Currently unrated

Key Information:

Vendor: HP
Status: Business Service Management
Vendor: CVE Published:; 21 May 2012

Summary

An issue in HP Business Service Management 9.12 permits unauthorized uploading of .war files. This oversight enables remote attackers to execute arbitrary JSP code within the JBOSS Application Server component, leading to potential system compromise. Attackers can exploit this vulnerability by sending crafted requests to specific TCP ports (1098, 1099, or 4444), essentially bypassing safeguards and triggering harmful code execution.

References

http://secunia.com/advisories/49218

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/53556

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/859230

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
May 21, 2012
Vulnerability Reserved
May 9, 2012