CVE-2011-0271

2011-01-1319:00:00

CWE-78

[email protected]

web.nvd.nist.gov

openview

nnm

cgi

script

command injection

vulnerability

cve-2011-0271

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.0%

JSON

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter’s value, related to a “command injection vulnerability.”

CPENameOperatorVersion
hp:openview_network_node_managerhp openview network node managereq7.51
hp:openview_network_node_managerhp openview network node managereq7.53