‘HP Insight Control Performance Management Privilege Elevation and Cross Site Request Forgery Vulnerabilities’

Summary

Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows.’

Credit:

‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02748970


Details

Vulnerable Systems:
 * HP Insight Control performance management prior to v6.3

Immune Systems:
 * HP Insight Control performance management v6.3 or subsequent

Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in privilege elevation and cross site request forgery (CSRF).

Patch Availability:
The HP Insight Control performance management updates are contained on Insight Software DVD images. These DVD images are available here:
http://h18000.www1.hp.com/products/servers/management/fpdownload.html

CVE Information:
CVE-2011-1544
CVE-2011-1545

Disclosure Timeline:
Version: 1 (rev.1) – 20 April 2011 Initial release’

Categories: Windows