CyberSec.Space Logo
CVEブラウザに戻る

CVE-2010-0447

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile41.66th
Published2010年3月10日
Last Modified2026年4月29日

Vulnerability Description

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Affected Platforms (CPE)

📦
Hp

Openview Performance Insight

<= 5.4

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=126815897824020&w=2
🔗 http://osvdb.org/62797
🔗 http://secunia.com/advisories/38899
🔗 http://www.securityfocus.com/archive/1/509984/100/0/threaded
🔗 http://www.securityfocus.com/bid/38611
🔗 http://www.vupen.com/english/advisories/2010/0555
🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-026
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/56757

関連する脆弱性情報

CVE-2011-027610.0

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUs...

CVE-2011-24076.4

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers ...

CVE-2011-24104.3

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...

CVE-2011-24063.5

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows re...