Lucene search
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.HP_IMC_APM_70_E0101.NASLHistoryJan 09, 2014 - 12:00 a.m.
HP Intelligent Management Center APM Module < 7.0 E0101 SQL Injection
2014-01-0900:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
17
The version of the HP Intelligent Management Center Application Performance Manager Module on the remote host does not properly sanitize the ‘monitorId’ parameter in the ‘AppDataDaoImpl’ class, allowing for remote SQL injection attacks.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(71890);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2013-4827");
script_bugtraq_id(62900);
script_name(english:"HP Intelligent Management Center APM Module < 7.0 E0101 SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The version of the HP Intelligent Management Center Application
Performance Manager module on the remote host is affected by a SQL
injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of the HP Intelligent Management Center Application
Performance Manager Module on the remote host does not properly sanitize
the 'monitorId' parameter in the 'AppDataDaoImpl' class, allowing for
remote SQL injection attacks.");
# https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03943547
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4d029e6b");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-243/");
script_set_attribute(attribute:"solution", value:
"Upgrade to the iMC APM module to version 7.0 E0101 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/08");
script_set_attribute(attribute:"patch_publication_date", value:"2013/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/09");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");
script_dependencies("hp_imc_detect.nbin");
script_require_ports("Services/activemq", 61616);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Figure out which port to use
port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE);
version = get_kb_item_or_exit('hp/hp_imc/' + port + '/components/iMC-APME/version');
# Versions 5.2 E0401 and earlier are affected
if (version =~ '^([0-4]\\.|5\\.(0\\-|1\\-|2\\-E0([0-9]{1,2}|[0-3][0-9]{2}|40[01])([^0-9]|$)))')
{
set_kb_item(name:'www/0/SQLInjection', value:TRUE);
if (report_verbosity > 0)
{
report =
'\n Installed version : ' + version +
'\n Fixed version : 7.0-E0101' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center APM Component', port, version);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hp | intelligent_management_center | cpe:/a:hp:intelligent_management_center |
Related
prion
prion
Sql injection
2013-10-13 10:20:00
zdi
zdi
cve
cve
CVE-2013-4827
2013-10-13 10:20:00
cvelist
cvelist
CVE-2013-4827
2022-10-03 16:14:56
securityvulns
securityvulns
HP Intelligent Management Center multiple security vulnerabilities
2013-10-09 00:00:00
Related for HP_IMC_APM_70_E0101.NASL