CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-0276

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile34.43th
Published2011年2月2日
Last Modified2026年4月29日

Vulnerability Description

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Affected Platforms (CPE)

📦
Hp

Openview Performance Insight

= 5.2
📦
Hp

Openview Performance Insight

= 5.3
📦
Hp

Openview Performance Insight

= 5.4
📦
Hp

Openview Performance Insight

= 5.31
📦
Hp

Openview Performance Insight

= 5.41

References & Advisories

🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453
🔗 http://osvdb.org/70754
🔗 http://secunia.com/advisories/43145
🔗 http://securityreason.com/securityalert/8136
🔗 http://www.exploit-db.com/exploits/16984
🔗 http://www.securityfocus.com/archive/1/516093/100/0/threaded
🔗 http://www.securityfocus.com/bid/46079
🔗 http://www.securitytracker.com/id?1025014

関連する脆弱性情報

CVE-2010-044710.0

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate...

CVE-2011-24076.4

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers ...

CVE-2011-24104.3

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...

CVE-2011-24063.5

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...