HP Insight Management Agents Unspecified Multiple Remote Security Vulnerabilities
BID:53341
Info
HP Insight Management Agents Unspecified Multiple Remote Security Vulnerabilities
| Bugtraq ID: | 53341 |
| Class: | Unknown |
| CVE: |
CVE-2012-2003 CVE-2012-2004 CVE-2012-2005 CVE-2012-2006 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2012 12:00AM |
| Updated: | May 02 2012 12:00AM |
| Credit: | HP |
| Vulnerable: |
HP Insight Management Agents 8.9 HP Insight Management Agents 8.6 HP Insight Management Agents 8.5 |
| Not Vulnerable: |
HP Insight Management Agents 9.0.0.0 |
Discussion
HP Insight Management Agents Unspecified Multiple Remote Security Vulnerabilities
HP Insight Management Agents is prone to multiple unspecified remote security vulnerabilities:
1. A security-bypass vulnerability that allows unauthorized modification
2. A cross-site request-forgery vulnerability
3. A denial-of-service vulnerability
4. An URL-redirection vulnerability
5. A cross-site scripting vulnerability
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or redirect a user to a potentially malicious site that may aid in phishing attacks.
Versions prior to HP Insight Management Agents for Windows Server 9.0.0.0 are vulnerable.
HP Insight Management Agents is prone to multiple unspecified remote security vulnerabilities:
1. A security-bypass vulnerability that allows unauthorized modification
2. A cross-site request-forgery vulnerability
3. A denial-of-service vulnerability
4. An URL-redirection vulnerability
5. A cross-site scripting vulnerability
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or redirect a user to a potentially malicious site that may aid in phishing attacks.
Versions prior to HP Insight Management Agents for Windows Server 9.0.0.0 are vulnerable.
Exploit / POC
HP Insight Management Agents Unspecified Multiple Remote Security Vulnerabilities
An attacker can exploit these issues using a browser. To exploit some of these issues, the attacker must entice a user into visiting a malicious site or following a malicious link.
An attacker can exploit these issues using a browser. To exploit some of these issues, the attacker must entice a user into visiting a malicious site or following a malicious link.
References
HP Insight Management Agents Unspecified Multiple Remote Security Vulnerabilities
References:
References:
- HP Homepage (HP)
- HPSBMU02770 SSRT100848 rev.1 (HP)