CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4188

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile28.95th
PublishedDec 3, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.

Affected Platforms (CPE)

πŸ“¦
Hp

Operations Dashboard

All versions

References & Advisories

πŸ”— http://www.intevydis.com/blog/?p=87
πŸ”— http://www.securityfocus.com/bid/36258
πŸ”— http://www.intevydis.com/blog/?p=87
πŸ”— http://www.securityfocus.com/bid/36258

Related Vulnerabilities

CVE-2009-309810.0

Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have ...

CVE-2026-400899.9

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard co...

CVE-2020-73619.6

The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. A...

CVE-2021-214808.8

SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacke...