CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-4788

HIGH
7.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile24.12th
Published2012年1月13日
Last Modified2026年4月29日

Vulnerability Description

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.

Affected Platforms (CPE)

🔌
Hp

Storageworks P2000 G3 Msa Fc\/iscsi Dual Combo Controller Lff Array System

= aw567a
🔌
Hp

Storageworks P2000 G3 Msa Fibre Channel Dual Controller Lff Array System

= ap845a
🔌
Hp

Storageworks P2000 G3 Msa Fibre Channel Dual Controller Sff Array System

= ap846a

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2012-01/0088.html
🔗 http://marc.info/?l=bugtraq&m=132672509901841&w=2
🔗 http://zerodayinitiative.com/advisories/ZDI-12-015/
🔗 http://archives.neohapsis.com/archives/bugtraq/2012-01/0088.html
🔗 http://marc.info/?l=bugtraq&m=132672509901841&w=2
🔗 http://zerodayinitiative.com/advisories/ZDI-12-015/

関連する脆弱性情報

CVE-2011-532310.0

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server u...

CVE-2011-532410.0

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of...

CVE-2011-532210.0

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for th...

CVE-2011-262810.0

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause...