HP OpenView Performance Insight Security Bypass And HTML Injection Vulnerabilities Network Vulnerability

Summary

HP OpenView Performance Insight is prone to a security-bypass vulnerability and an HTML-injection vulnerability. An attacker may leverage the HTML-injection issue to inject hostile HTML and script code that would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. The attacker may leverage the security-bypass issue to bypass certain security restrictions and perform unauthorized actions in the affected application.

Solution

Vendor updates are available. Please see the references for details.

References

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02942411&ac.admitted=1312903473487.876444892.199480143
http://www.securityfocus.com/bid/49096
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&amp;cp=1-11-15-119^1211_4000_100

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2406, CVE-2011-2407, CVE-2011-2410

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Tomcat source.jsp malformed request information disclosure
Apache Tomcat DOS Device Name XSS
Apache Solr Directory Traversal Vulnerability Jan-14
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
An Image Gallery Directory Traversal Vulnerability

HP OpenView Performance Insight Security Bypass and HTML Injection Vulnerabilities

Take action and discover your vulnerabilities