CVE-2009-4189

HP Operations Manager - RCE

Title source: llm

Description

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.

Exploits (1)

exploitdb WORKING POC
rubyremotemultiple
https://www.exploit-db.com/exploits/16317

References (1)

Scores

EPSS 0.8349
EPSS Percentile 99.3%

Classification

CWE
CWE-255
Status draft

Affected Products (1)

hp/operations_manager

Timeline

Published Dec 03, 2009
Tracked Since Feb 18, 2026