HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities Network Vulnerability

Summary

HP OpenView Network Node Manager is prone to multiple remote code- execution vulnerabilities. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application's webserver. Failed exploit attempts will likely result in denial-of-service conditions. OpenView Network Node Manager 7.51 and 7.53 are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://openview.hp.com/
http://www.securityfocus.com/archive/1/515628
http://www.zerodayinitiative.com/advisories/ZDI-11-003/
http://www.zerodayinitiative.com/advisories/ZDI-11-004/
http://www.zerodayinitiative.com/advisories/ZDI-11-005/
http://www.zerodayinitiative.com/advisories/ZDI-11-006/
http://www.zerodayinitiative.com/advisories/ZDI-11-007/
http://www.zerodayinitiative.com/advisories/ZDI-11-008/
http://www.zerodayinitiative.com/advisories/ZDI-11-009/
http://www.zerodayinitiative.com/advisories/ZDI-11-010/
http://www.zerodayinitiative.com/advisories/ZDI-11-011/
http://www.zerodayinitiative.com/advisories/ZDI-11-012/
https://www.securityfocus.com/bid/45762

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

aflog Cookie-Based Authentication Bypass Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
4psa Voipnow Local File Inclusion Vulnerability
AdMentor Login Flaw
ATutor < 1.5.1-pl1 Multiple Flaws

Take action and discover your vulnerabilities