Vulnerability announcement CVE-2012-3258
HP Operations Orchestration: code execution via RSScheduler
Synthesis of the vulnerability
An unauthenticated attacker can inject commands into the JDBC component of the RSScheduler service of HP Operations Orchestration, in order to execute code with system privileges.
Impacted products: OpenView, OpenView Operations, HP Operations.
Severity: 3/4.
Creation date: 29/08/2012.
Identifiers: BID-55270, BID-55594, c03490339, CVE-2012-3258, HPSBMU02813, SSRT100712, VIGILANCE-VUL-11902, ZDI-12-172.
Description of the vulnerability
The JDBC component of the RSScheduler service of HP Operations Orchestration listens by default on port 9001/tcp.
However, an attacker can inject SQL data via JDBC. This data is then executed with the privileges of the SYSTEM user. Technical details are unknown.
An unauthenticated attacker can therefore inject commands into the JDBC component of the RSScheduler service of HP Operations Orchestration, in order to execute code with system privileges.