HP SiteScope SOAP Remote Disclosure of Information, Remote Code Execution Vulnerabilities
The information has been provided by Andrea Micalizzi aka rgod.
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03489683
* HP SiteScope v11.10, v11.11, v11.12, v11.20 for Windows, Linux and Solaris
A vulnerability was reported in HP SiteScope. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information.The SiteScope SOAP feature is affected.Potential security vulnerabilities have been identified with HP SiteScope.The vulnerabilities in SiteScope SOAP features could be remotely exploited to allow disclosure of information or code execution.
HP has provided SiteScope update v11.13 to update for HP SiteScope v11.10 to enable a resolution of this issue. HP has provided patches to v11.20 to enable a resolution of this issue.
Release Date: 2012-10-31
Last Updated: 2012-10-31
Version:1 (rev.1) – 19 September 2012 Initial release
Version:2 (rev.2) – 19 September 2012 updated reference section
Version:3 (rev.3) – 20 September 2012 updated Supported Software Versions section
Version:4 (rev.4) – 31 October 2012 updated Supported Software Versions section