CVE-2010-0447
HP OpenView Performance Insight < 5.4 - Unauthenticated Remote Code Execution via Helpmanager Servlet
Title source: llmDescription
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509984/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38899
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38611
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-026
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/62797
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=126815897824020&w=2
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0555
Scores
EPSS
0.0620
EPSS Percentile
91.0%
Details
CWE
CWE-287
Status
published
Products (1)
hp/openview_performance_insight
< 5.4
Published
Mar 10, 2010
Tracked Since
Feb 18, 2026