CVE-2008-4560

2009-02-0821:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-4560

hp openview

nnm

remote attack

sensitive information

cgi program

6.1 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.

CPENameOperatorVersion
hp:openview_network_node_managerhp openview network node managereq7.53
hp:openview_network_node_managerhp openview network node managereq7.0.1
hp:openview_network_node_managerhp openview network node managereq7.51

CPE	Name	Operator	Version
hp:openview_network_node_manager	hp openview network node manager	eq	7.53
hp:openview_network_node_manager	hp openview network node manager	eq	7.0.1
hp:openview_network_node_manager	hp openview network node manager	eq	7.51