CyberSec.Space Logo
Back to CVE Browser

CVE-2010-0447

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile41.66th
PublishedMar 10, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Affected Platforms (CPE)

πŸ“¦
Hp

Openview Performance Insight

<= 5.4

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=126815897824020&w=2
πŸ”— http://osvdb.org/62797
πŸ”— http://secunia.com/advisories/38899
πŸ”— http://www.securityfocus.com/archive/1/509984/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/38611
πŸ”— http://www.vupen.com/english/advisories/2010/0555
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-026
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56757

Related Vulnerabilities

CVE-2011-027610.0

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUs...

CVE-2011-24076.4

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers ...

CVE-2011-24104.3

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...

CVE-2011-24063.5

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...