CVE-2011-2608

HP OpenView Performance Agent and Operations Agent - Arbitrary File Deletion via Register Command

Title source: llm

Description

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1025715

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/68269

Vendor Advisory vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=131188898632504&w=2

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/48481

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45079

Scores

EPSS 0.0084

EPSS Percentile 74.9%

Details

CWE

CWE-20

Status published

Products (9)

hp/openview_performance_agent 4.70

hp/openview_performance_agent 5.0

hp/operations_agent 8.53

hp/operations_agent 8.60.005

hp/operations_agent 8.60.006

hp/operations_agent 8.60.007

hp/operations_agent 8.60.008

hp/operations_agent 8.60.501

hp/operations_agent 11.0

Published Jul 01, 2011

Tracked Since Feb 18, 2026