The HP Device Manager Server RMI object ‘HPDM Server RMI’ listening on the remote Windows host does not enforce client certificate validation. It is, therefore, affected by an unauthenticated RMI object call vulnerability that can allow an unauthenticated remote attacker to inject HQL that injects SQL that will run on the bundled PostgreSQL database.
Binary data hp_device_manager_rmi_unauthenticated.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
hp | hp_device_manager | x-cpe:/a:hp:hp_device_manager |