|
HP StorageWorks Command View Advanced Edition for XP Unauthorized User Account Access
|
|
Secunia Advisory:
|
SA25029
|
|
|
Release Date:
|
2007-04-25
|
|
Last Update:
|
2007-04-30
|
|
Popularity:
|
4,524 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP StorageWorks Command View Advanced Edition for XP 5.x
HP StorageWorks XP Replication Monitor 1.x
HP StorageWorks XP Replication Monitor 5.x
HP StorageWorks XP Tiered Storage Manager 1.x
HP StorageWorks XP Tiered Storage Manager 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2007-2275
|
|
Description:
A vulnerability has been reported in HP StorageWorks Command View Advanced Edition for XP, which potentially can be exploited by malicious, local users to gain access to other users' accounts.
The vulnerability is caused due to an unspecified error within the new user registration or addition process. No further information is available.
The vulnerability reportedly affects the following products and versions:
* HP StorageWorks Command View Advanced Edition for XP v 5.0.0-00 to v 5.1.0-05 and v 5.5.0-00 to v 5.5.0-02
* HP StorageWorks XP Replication Monitor v 1.1.0-00 and v 5.0.0-00 to v 5.5.0-02
* HP StorageWorks XP Tiered Storage Manager v 1.1.0-00 and v 5.0.0-00 to v 5.5.0-01
when at least one of the following Lines/Models is installed on a single server:
* HP StorageWorks Command View Device Manager
* HP StorageWorks Command View Global Link Availability Manager
* HP StorageWorks Command View Replication Monitor
* HP StorageWorks Command View Tiered Storage Manager
* HP StorageWorks Command View Tuning Manager
Solution:
Apply updates.
http://welcome.hp.com/country/us/en/support.html?pageDisplay=drivers
HP StorageWorks Command View Advanced Edition for XP:
* Install v 5.6.0-01 or subsequent
HP StorageWorks XP Replication Monitor:
* Install v 5.6.0-01 or subsequent
HP StorageWorks XP Tiered Storage Manager:
* Install v 5.5.0-02 or subsequent
Provided and/or discovered by:
Reported by the vendor.
Changelog:
2007-04-30: Added CVE reference.
Original Advisory:
HPSBST02200 SSRT071330:
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBST02200
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
