Security Advisory SA49592 - HP System Management Homepage / HP Management Agents Multiple Vulnerabilities

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA49592

HP System Management Homepage / HP Management Agents Multiple Vulnerabilities

Secunia Advisory

SA49592

Release Date

2012-06-27

Last Update

2013-05-09

Popularity

1,798 view

Comments

0 comments

Criticality level

Highly critical

Impact

System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Software:

HP Management Agents 9.x

HP System Management Homepage 7.x

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

Description

Multiple vulnerabilities have been reported in HP System Management Homepage and HP Management Agents, where some have unknown impacts and others can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, hijack a user's session, cause a DoS (Denial of Service), bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system.

1) An unspecified error can be exploited to cause a crash. No further information is currently available.

2) An unspecified error with an unknown impact related to input validation exists. No further information is currently available.

3) An unspecified error can be exploited to gain escalated privileges. No further information is currently available.

4) An unspecified error can be exploited to disclose sensitive information. No further information is currently available.

5) The application bundles vulnerable versions of Libxml2, PHP, Apache, OpenSSL, and cURL:

For more information:
SA44711
SA45793
SA46107
SA46632
SA46823
SA46958
SA47404
SA47426
SA47690
SA47806
SA49014

The vulnerabilities are reported in HP System Management Homepage versions prior to 7.1.1 and HP Management Agents versions prior to 9.1.0(A).

Solution
Update to HP System Management Homepage version 7.1.1 or HP Management Agents version 9.1.0(A).

Provided and/or discovered by
1-4) Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
HPSBMU02786 SSRT100877:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03360041

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: HP System Management Homepage / HP Management Agents Multiple Vulnerabilities

No posts yet

Secunia Advisory SA49592

HP System Management Homepage / HP Management Agents Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?