Description
Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_misc
http://dvlabs.tippingpoint.com/advisory/TPTI-09-09
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37261
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=126046355120442&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54660
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508352/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37330
Scores
EPSS
0.2354
EPSS Percentile
96.1%
Details
CWE
CWE-119
Status
published
Products (3)
hp/openview_network_node_manager
7.0.1 (4 CPE variants)
hp/openview_network_node_manager
7.51 (4 CPE variants)
hp/openview_network_node_manager
7.53 (4 CPE variants)
Published
Dec 10, 2009
Tracked Since
Feb 18, 2026