HP Performance Insight Multiple Unspecified Security Vulnerabilities

Bugtraq ID:	53415
Class:	Unknown
CVE:	CVE-2012-2007 CVE-2012-2008 CVE-2012-2009
Remote:	Yes
Local:	No
Published:	May 07 2012 12:00AM
Updated:	Jan 27 2014 12:55AM
Credit:	The vendor reported these issues.
Vulnerable:	HP Performance Insight 5.41.2 HP Performance Insight 5.41.1 HP Performance Insight 5.41 HP Performance Insight 5.3
Not Vulnerable:

HP Performance Insight Multiple Unspecified Security Vulnerabilities

HP Performance Insight is prone to cross-site scripting, SQL-injection and security-bypass vulnerabilities.

Exploiting these issues may allow an attacker to perform unauthorized actions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

HP Performance Insight Multiple Unspecified Security Vulnerabilities

An attacker can use a browser to exploit these issues. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

HP Performance Insight Multiple Unspecified Security Vulnerabilities

Solution:
Vendor fix is available. Please see the references for more information.

HP Performance Insight Multiple Unspecified Security Vulnerabilities

References:

• HP Homepage (HP)
  
• HP Performance Insight software Homepage (HP)
  
• HPSBMU02775 SSRT100853 (HP)