The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of HP OpenView Performance Insight: code execution

Synthesis of the vulnerability 

An attacker can use three vulnerabilities of the HP OpenView Performance Insight product, in order to execute code.
Impacted software: OpenView.
Severity of this computer vulnerability: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2011.
Revision date: 16/08/2011.
References for this bulletin: BID-49096, BID-49184, c02942411, CVE-2011-2406, CVE-2011-2407, CVE-2011-2410, HPSBMU02695, SSRT100480, VIGILANCE-VUL-10894.

Description of the vulnerability 

The HP OpenView Performance Insight (OVPI) product installs the Java piweb.jar archive, which manages HTTP queries. However, three vulnerabilities impact this Java application.

A remote attacker can execute code. [severity:3/4; CVE-2011-2406]

A remote attacker can inject code in HTML data, in order to execute code. [severity:2/4; CVE-2011-2407]

An attacker can trigger a Cross Site Scripting. [severity:2/4; BID-49184, CVE-2011-2410]

An attacker can therefore use three vulnerabilities of the HP OpenView Performance Insight product, in order to execute code.

This security bulletin impacts software or systems such as OpenView.

Our Vigil@nce team determined that the severity of this threat is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 3 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

HP OpenView Performance Insight: hotfix 5.41.002 piweb HF07.
A hotfix is available:
  https://www.hp.com/go/swa
  32-bit : 5.41.002 piweb HF07
  64-bit : 5.41.002_64-bit_piweb HF02
