CVE-2011-0276

2011-02-0201:00:06

[email protected]

web.nvd.nist.gov

cve-2011-0276

hp openview

performance insight server

hidden account

java

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a “hidden account” in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Affected configurations

NVD

Node

hpopenview_performance_insightMatch5.2

hpopenview_performance_insightMatch5.3

hpopenview_performance_insightMatch5.4

hpopenview_performance_insightMatch5.31

hpopenview_performance_insightMatch5.41

CPENameOperatorVersion
hp:openview_performance_insighthp openview performance insighteq5.2
hp:openview_performance_insighthp openview performance insighteq5.3
hp:openview_performance_insighthp openview performance insighteq5.4
hp:openview_performance_insighthp openview performance insighteq5.31
hp:openview_performance_insighthp openview performance insighteq5.41

CPE	Name	Operator	Version
hp:openview_performance_insight	hp openview performance insight	eq	5.2
hp:openview_performance_insight	hp openview performance insight	eq	5.3
hp:openview_performance_insight	hp openview performance insight	eq	5.4
hp:openview_performance_insight	hp openview performance insight	eq	5.31
hp:openview_performance_insight	hp openview performance insight	eq	5.41