CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3843

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile5.38th
PublishedNov 24, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

Affected Platforms (CPE)

πŸ“¦
Hp

Operations Manager

= 8.10

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=125873415424980&w=2
πŸ”— http://secunia.com/advisories/37444
πŸ”— http://securitytracker.com/id?1023222
πŸ”— http://www.osvdb.org/60317
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-09-085/
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/54361
πŸ”— http://marc.info/?l=bugtraq&m=125873415424980&w=2
πŸ”— http://secunia.com/advisories/37444

Related Vulnerabilities

CVE-2021-3189110.0

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS runn...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2007-323210.0

The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, an...