CVE-2010-0447

EUVD-2010-0478
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
hpopenview_performance_insight
𝑥
≤ 5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://osvdb.org/62797
http://secunia.com/advisories/38899
http://www.securityfocus.com/archive/1/509984/100/0/threaded
http://www.securityfocus.com/bid/38611
http://www.vupen.com/english/advisories/2010/0555
http://www.zerodayinitiative.com/advisories/ZDI-10-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757
http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://osvdb.org/62797
http://secunia.com/advisories/38899
http://www.securityfocus.com/archive/1/509984/100/0/threaded
http://www.securityfocus.com/bid/38611
http://www.vupen.com/english/advisories/2010/0555
http://www.zerodayinitiative.com/advisories/ZDI-10-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757