CyberSec.Space Logo
Back to CVE Browser

CVE-2011-0276

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile34.43th
PublishedFeb 2, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Affected Platforms (CPE)

πŸ“¦
Hp

Openview Performance Insight

= 5.2
πŸ“¦
Hp

Openview Performance Insight

= 5.3
πŸ“¦
Hp

Openview Performance Insight

= 5.4
πŸ“¦
Hp

Openview Performance Insight

= 5.31
πŸ“¦
Hp

Openview Performance Insight

= 5.41

References & Advisories

πŸ”— http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453
πŸ”— http://osvdb.org/70754
πŸ”— http://secunia.com/advisories/43145
πŸ”— http://securityreason.com/securityalert/8136
πŸ”— http://www.exploit-db.com/exploits/16984
πŸ”— http://www.securityfocus.com/archive/1/516093/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/46079
πŸ”— http://www.securitytracker.com/id?1025014

Related Vulnerabilities

CVE-2010-044710.0

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate...

CVE-2011-24076.4

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers ...

CVE-2011-24104.3

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...

CVE-2011-24063.5

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...