| Short Name | APP:HPOV:NNM-EVTCOR-CMD-INJ |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | APP |
| Keywords | HP OpenView Network Node Manager Event Correlation Service Command Injection |
| Release Date | 2005/09/01 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects a command injection in HP OpenView. Versions 7.5 and prior are vulnerable. Successful exploitation could lead to arbitrary remote command execution.

HP OpenView Network Node Manager is prone to multiple remote arbitrary command-execution vulnerabilities. These issues arise when the user-specified 'node' URI parameter of various scripts is used as part of a command to be executed with the 'system()' function. These issues may facilitate unauthorized remote access to the affected computer in the context of the webserver. These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown versions of the package on Microsoft Windows platforms are also affected. Other versions and platforms are also likely affected.