‘HP Insight Control Performance Management Multiple Vulnerabilities’

Summary

Cross Site Scripting, Privilege Escalation and Cross Site Request Forgery vulnerabilities have been identified in HP Insight Control performance management for Windows.’

Credit:

‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02563642


Details

Vulnerable Systems:
 * HP Insight Control performance management prior to version 6.2

Immune Systems:
 * HP Insight Control performance management version 6.2

The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), privilege escalation, cross site request forgery (CSRF).

CVE Information:
CVE-2010-4030
CVE-2010-4031
CVE-2010-4032

Disclosure Timeline:
2010-10-28 Initial Release’

Categories: Windows