‘HP Performance Manager Multiple vulnerabilities’

Summary

Unauthorized Access, Cross Site Scripting and Denial of Service vulnerabilities were identified affecting HP Performance Manager for HP-UX, Linux, Solaris and Windows.’

Credit:

‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02181353


Details

Vulnerable Systems:
 * HP Performance Manager v8.10 running on HP-UX.
 * HP Performance Manager v8.10 running on Linux.
 * HP Performance Manager v8.10 running on Solaris.
 * HP Performance Manager v8.10 running on Windows.
 * HP Performance Manager v8.20 running on HP-UX.
 * HP Performance Manager v8.20 running on Linux.
 * HP Performance Manager v8.20 running on Solaris.
 * HP Performance Manager v8.20 running on Windows.
 * HP Performance Manager v8.21 running on HP-UX.
 * HP Performance Manager v8.21 running on Linux.
 * HP Performance Manager v8.21 running on Solaris.
 * HP Performance Manager v8.21 running on Windows.

Potential security vulnerabilities have been identified with HP Performance Manager. The vulnerabilities could be exploited remotely to allow unauthorized access, cross site scripting, and Denial of Service.

Patch Availability:
HP has made patches available to resolve the vulnerabilities.
The patches are available from
http://support.openview.hp.com/selfsolve/patches

CVE Information:
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
CVE-2009-3548

Disclosure Timeline:
2010-05-17: Release Date
2010-05-17: Last Updated’

Categories: News