CVE-2009-3843

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
hpCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
hpoperations_manager
8.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=125873415424980&w=2
http://marc.info/?l=bugtraq&m=125873415424980&w=2
http://secunia.com/advisories/37444
http://securitytracker.com/id?1023222
http://www.osvdb.org/60317
http://www.zerodayinitiative.com/advisories/ZDI-09-085/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54361
http://marc.info/?l=bugtraq&m=125873415424980&w=2
http://marc.info/?l=bugtraq&m=125873415424980&w=2
http://secunia.com/advisories/37444
http://securitytracker.com/id?1023222
http://www.osvdb.org/60317
http://www.zerodayinitiative.com/advisories/ZDI-09-085/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54361