HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
BID:104131
CVE-2018-6492 | CVE-2018-6493 |Info
HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
| Bugtraq ID: | 104131 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-6492 CVE-2018-6493 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2018 12:00AM |
| Updated: | May 09 2018 12:00AM |
| Credit: | Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH. |
| Vulnerable: |
HP Network Operations Management 2018.02 HP Network Operations Management 2017.11 HP Network Operations Management 2017.06 HP Network Automation 10.11.1 HP Network Automation 10.50 HP Network Automation 10.40 HP Network Automation 10.30 HP Network Automation 10.20 HP Network Automation 10.11 HP Network Automation 10.10 HP Network Automation 10.1 HP Network Automation 10.00.02 HP Network Automation 10.00.01 HP Network Automation 10.0 |
| Not Vulnerable: | |
Discussion
HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
Multiple HP Products are prone to the following security vulnerabilities:
1. An SQL-injection vulnerability
2. A cross-site scripting vulnerability
3. An HTML-injection vulnerability
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application or to control how the site is rendered to the user, access or modify data or exploit latent vulnerabilities in the underlying database.
Multiple HP Products are prone to the following security vulnerabilities:
1. An SQL-injection vulnerability
2. A cross-site scripting vulnerability
3. An HTML-injection vulnerability
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application or to control how the site is rendered to the user, access or modify data or exploit latent vulnerabilities in the underlying database.
Exploit / POC
HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI.
Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI.
Solution / Fix
HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
HP Network Automation and Network Operations Management Multiple Security Vulnerabilities
References:
References: