CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4189

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile19.13th
PublishedDec 3, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.

Affected Platforms (CPE)

📦
Hp

Operations Manager

All versions

References & Advisories

🔗 http://www.intevydis.com/blog/?p=87
🔗 http://www.intevydis.com/blog/?p=87

Related Vulnerabilities

CVE-2021-3189110.0

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS runn...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2007-323210.0

The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, an...