CVE-2011-0276

2011-02-0201:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2011-0276

hp openview

performance insight server

hidden account

java

remote code execution

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a “hidden account” in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

CPENameOperatorVersion
hp:openview_performance_insighthp openview performance insighteq5.2
hp:openview_performance_insighthp openview performance insighteq5.41
hp:openview_performance_insighthp openview performance insighteq5.31
hp:openview_performance_insighthp openview performance insighteq5.4
hp:openview_performance_insighthp openview performance insighteq5.3

CPE	Name	Operator	Version
hp:openview_performance_insight	hp openview performance insight	eq	5.2
hp:openview_performance_insight	hp openview performance insight	eq	5.41
hp:openview_performance_insight	hp openview performance insight	eq	5.31
hp:openview_performance_insight	hp openview performance insight	eq	5.4
hp:openview_performance_insight	hp openview performance insight	eq	5.3