Summary
HP Systems Insight Manager is prone to a vulnerability that lets attackers download arbitrary files.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.
The issue affects HP Systems Insight Manager versions 6.0 and 6.1.
Solution
Vendor updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-3286 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities