SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE Operations Manager Vendors:   HPE
HP Operations for UNIX Permits Cross-Site Scripting Attacks and Lets Remote Authenticated Users Gain Unauthorized Access
SecurityTracker Alert ID:  1025281
SecurityTracker URL:  http://securitytracker.com/id/1025281
CVE Reference:   CVE-2011-0893, CVE-2011-0894   (Links to External Site)
Date:  Apr 1 2011
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.10
Description:   A vulnerability was reported in HP Operations for UNIX. A remote authenticated user can gain unauthorized access. A remote user can conduct cross-site scripting attacks.

No details were provided.

Impact:   A remote authenticated user can partially view and modify data on the target application.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the HP Operations for UNIX software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a hotfix (QCCR1A121284_QCCR1A121281_hotfix.tar.gz).

The vendor's advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049

Vendor URL:  h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049 (Links to External Site)
Cause:   Input validation error, Not specified
Underlying OS:  UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC