The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE Network Management Center

computer vulnerability note CVE-2011-4790

HP Network Automation: code execution

Synthesis of the vulnerability

A remote attacker can execute code on HP Network Automation.
Impacted products: HPE NMC.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 31/01/2012.
Identifiers: BID-51746, c03171149, CVE-2011-4790, HPSBMU02738, SSRT100748, VIGILANCE-VUL-11329.

Description of the vulnerability

The HP Network Automation is part of HP Network Management Center.

A remote attacker can execute code on HP Network Automation.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-0920 CVE-2009-0921

OpenView NNM: code execution

Synthesis of the vulnerability

A remote attacker can execute code on the server using several vulnerabilities of HP OpenView Network Node Manager.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 23/03/2009.
Identifiers: BID-34134, BID-34135, BID-34294, c01696729, CERTA-2009-AVI-116, CORE-2009-0122, CVE-2009-0920, CVE-2009-0921, HPSBMA02416, SSRT090008, VIGILANCE-VUL-8555.

Description of the vulnerability

The Openview NNM (Network Node Manager) product manages a network of computers. It is impacted by several vulnerabilities.

An attacker can use the OvOSLocale parameter of the /OvCgi/Toolbar.exe script in order to generate a buffer overflow. [severity:3/4; BID-34294, CERTA-2009-AVI-116, CVE-2009-0920]

An attacker can use the OvAcceptLang cookies of the /OvCgi/Toolbar.exe script in order to generate a buffer overflow. [severity:3/4; BID-34134, CVE-2009-0921]

An attacker can use a long Accept-Language header for the /OvCgi/Toolbar.exe script in order to generate a buffer overflow. [severity:3/4; BID-34135, CVE-2009-0921]

A remote attacker can therefore execute code on the server.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2008-0067

OpenView NNM: several overflows

Synthesis of the vulnerability

Several vulnerabilities of OpenView NNM can be used by an attacker to create a denial of service or to execute code.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 07/01/2009.
Revision date: 12/02/2009.
Identifiers: 2008-13, BA324, BID-33147, c01646081, CERTA-2009-AVI-027, CVE-2008-0067, HPSBMA02400, SSRT080144, VIGILANCE-VUL-8370.

Description of the vulnerability

Several vulnerabilities impact OpenView NNM.

An attacker can use a long parameter in the OpenView5.exe CGI script in order to generate a buffer overflow. [severity:3/4]

An attacker can use a long Context parameter in the OpenView5.exe CGI script in order to generate a buffer overflow. [severity:3/4; BA324]

An attacker can use a long parameter in the getcvdata.exe CGI script in order to generate a buffer overflow. [severity:3/4]

An attacker can use a long parameter in the ovlaunch.exe CGI script in order to generate a buffer overflow. [severity:3/4]

An attacker can use a long parameter in the Toolbar.exe CGI script in order to generate a buffer overflow. [severity:3/4]

An attacker can use a long parameter in the Toolbar.exe CGI script in order to generate a buffer overflow. [severity:3/4]

These vulnerabilities lead to a denial of service or to code execution.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2008-4559 CVE-2008-4560 CVE-2008-4561

OpenView NNM: code execution

Synthesis of the vulnerability

A remote attacker can execute code on the server using several vulnerabilities of HP OpenView Network Node Manager.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 06/02/2009.
Revision date: 09/02/2009.
Identifiers: BID-33651, BID-33666, BID-33667, BID-33668, c01661610, CERTA-2009-AVI-053, CVE-2008-4559, CVE-2008-4560, CVE-2008-4561, CVE-2008-4562, CVE-2009-0205, HPSBMA02406, SSRT080092, SSRT080095, SSRT080100, VIGILANCE-VUL-8449.

Description of the vulnerability

The Openview NNM (Network Node Manager) product manages a network of computers. It is impacted by several vulnerabilities.

An attacker can inject commands in webappmon.exe and OpenView5.exe CGI applications. [severity:3/4; BID-33666, CVE-2008-4559]

An attacker can send a malicious query to the nnmRptConfig.exe CGI application in order to obtain the name of the log directory. [severity:1/4; BID-33667, CVE-2008-4560, CVE-2008-4561, SSRT080095]

An attacker can send a malicious query to the ovlaunch.exe CGI application in order to obtain information about the configuration. [severity:2/4; BID-33667, CVE-2008-4560, CVE-2008-4561, SSRT080095]

An attacker can generate a buffer overflow in the ovlaunch CGI application. [severity:3/4; BID-33668, CVE-2008-4562, SSRT080092]

A remote attacker can therefore execute code on the server or obtain information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2007-4349

HP OpenView: denial of service of Trace Service

Synthesis of the vulnerability

An attacker can connect to the RPC service of HP OpenView Trace Service in order to stop it.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 22/10/2008.
Identifiers: BID-31860, c01607558, c01612418, c01621724, CERTA-2008-AVI-595, CVE-2007-4349, HPSBMA02390, HPSBMA02391, HPSBMA02392, SSRT071481, VIGILANCE-VUL-8193.

Description of the vulnerability

The HP OpenView Trace Service listens as RPC on ports 5051/tcp or 5053/tcp.

A non authenticated attacker can connect to these ports and send a special sequence of RPC queries, which forces a read at an invalid memory address, and stops the service.

An attacker can therefore connect to the RPC service of HP OpenView Trace Service in order to stop it.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2008-3545

OpenView NNM: denial of service of ovtopmd

Synthesis of the vulnerability

A remote attacker can use a vulnerability of OpenView NNM in order to create a denial of service.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 09/10/2008.
Identifiers: BID-31669, c01567813, CVE-2008-3545, HPSBMA02374, SSRT080046, VIGILANCE-VUL-8156.

Description of the vulnerability

The Openview NNM (Network Node Manager) product manages a network of computers.

The ovtopmd service (OpenView Topology Manager Daemon) handles the database containing network topology.

A network attacker can create a denial of service in ovtopmd.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2008-3536 CVE-2008-3537

OpenView NNM: denial of service

Synthesis of the vulnerability

A remote attacker can use two vulnerabilities of OpenView NNM in order to create a denial of service.
Impacted products: HPE NMC, OpenView, OpenView NNM, HP-UX.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/09/2008.
Identifiers: BID-30984, c01537275, CVE-2008-3536, CVE-2008-3537, HPSBMA02362, SSRT080044, SSRT080045, VIGILANCE-VUL-8081.

Description of the vulnerability

The Openview NNM (Network Node Manager) product manages a network of computers.

The OVALARMSRV service, which listens on ports 2953/tcp and 2954/tcp, handles alarms. It has two vulnerabilities.

They can be used by a remote attacker to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2008-3544

OpenView NNM: several vulnerabilities of ovalarmsrv

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the OVALARMSRV service of Openview NNM in order to create a denial of service or to execute code.
Impacted products: HPE NMC, OpenView, OpenView NNM, HP-UX.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/04/2008.
Revisions dates: 09/04/2008, 15/04/2008.
Identifiers: BID-28668, c01537275, CVE-2008-3544, HPSBMA02362, SSRT080044, SSRT080045, VIGILANCE-VUL-7737.

Description of the vulnerability

The Openview NNM (Network Node Manager) product manages a network of computers. The OVALARMSRV service, which listens on ports 2953/tcp and 2954/tcp, handles alarms. It has three vulnerabilities.

An attacker can send a message containing format characters to the 2953/tcp port in order to generate a format string attack leading to code execution. [severity:3/4]

An attacker can send a query longer than 512 bytes to the 2954/tcp port in order to create a buffer overflow leading to code execution. [severity:3/4]

An attacker can send malformed queries to 2953/tcp and 2954/tcp ports in order to create a denial of service. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2008-0068 CVE-2008-1851 CVE-2008-1852

OpenView NNM: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of OpenView NNM can be used by an attacker to read files or to create a denial of service.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 14/04/2008.
Identifiers: BID-28745, c01496048, CVE-2008-0068, CVE-2008-1851, CVE-2008-1852, CVE-2008-1853, HPSBMA02349, SSRT080043, VIGILANCE-VUL-7759.

Description of the vulnerability

Several vulnerabilities impact OpenView NNM.

An attacker can use the Action parameter of /OvCgi/OpenView5.exe script in order to read a file from the computer. [severity:3/4; CVE-2008-0068]

An attacker can send malicious data to the port 2954/tcp in order to create an infinite loop in ovalarmsrv. [severity:2/4; CVE-2008-1851]

An attacker can send malicious data to the port 2954/tcp in order to force ovalarmsrv to stop by dereferencing an infinite loop. [severity:2/4; CVE-2008-1852]

An attacker can connect to the 2532/tcp port and ask ovtopmd to stop a process. [severity:3/4; CVE-2008-1853]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2008-1842

OpenView NNM: integer overflow of ovspmd

Synthesis of the vulnerability

An attacker can send malicious data to ovspmd in order to create a denial of service or to execute code.
Impacted products: HPE NMC, OpenView, OpenView NNM.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 09/04/2008.
Identifiers: BID-28689, c01466051, CVE-2008-1842, HPSBMA02338, SSRT080024, SSRT080041, VIGILANCE-VUL-7750.

Description of the vulnerability

The ovspmd daemon, used by OpenView Network Node Manager, listens on the port 8886/tcp.

This service uses messages composed:
 - of a size stored on 4 bytes,
 - followed by "size-4" bytes of data
The maximal size which can be received is 9216 bytes. However, the size check uses a signed integer. An attacker can therefore use a size greater than 0x80000000 in order to bypass the check and to create an overflow.

An attacker can thus send long data to ovspmd in order to create a denial of service or to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HPE Network Management Center: