HP Systems Insight Manager Unspecified Multiple Remote Security Vulnerabilities
BID:53315
| Bugtraq ID: | 53315 |
| Class: | Unknown |
| CVE: | CVE-2012-1994, CVE-2012-1995, CVE-2012-1996, CVE-2012-1997, CVE-2012-1998, CVE-2012-1999 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2012 12:00AM |
| Updated: | Jan 08 2013 10:50AM |
| Credit: | HP |
| Vulnerable: | HP Systems Insight Manager 6.3; HP Systems Insight Manager 6.2; HP Systems Insight Manager 6.1; HP Systems Insight Manager 6.0.0.96; HP Systems Insight Manager 6.0; HP Systems Insight Manager 5.3 Update 1; HP Systems Insight Manager 5.3; HP Systems Insight Manager 5.2 SP2; HP Systems Insight Manager 5.1 SP1; HP Systems Insight Manager 5.0 SP6; HP Systems Insight Manager 5.0 SP5; HP Systems Insight Manager 5.0 SP3; HP Systems Insight Manager 5.0 SP2; HP Systems Insight Manager 5.0 SP1; HP Systems Insight Manager 5.0; HP Systems Insight Manager 4.2 SP2; HP Systems Insight Manager 4.2 SP1; HP Systems Insight Manager 4.2; Gentoo Linux |
| Not Vulnerable: | HP Systems Insight Manager 7.0 |
Discussion
HP Systems Insight Manager is prone to multiple unspecified remote security vulnerabilities:
1. An unauthorized-access vulnerability
2. An information-disclosure vulnerability
3. A cross-site request-forgery vulnerability
4. A remote privilege-escalation vulnerability
5. A URL-redirection vulnerability
6. An authentication-bypass vulnerability
An attacker can exploit these issues to perform unauthorized actions on behalf of a logged-in user, obtain potentially sensitive information, bypass security restrictions, gain escalated privileges, or redirect a user to a potentially malicious site that may aid in phishing attacks.
Versions prior to Systems Insight Manager 7.0 are vulnerable.
Exploit / POC
An attacker can exploit these issues using a browser. To exploit some of these issues, the attacker must entice a user into visiting a malicious site or following a malicious link.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References: