HP Service Manager Multiple Vulnerabilities

Last Update Date: 2 May 2013 11:28 Release Date: 2 May 2013 4118 Views

RISK: High Risk

High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in HP Service Manager, which can be exploited by attacker to gain escalated privileges, conduct cross-site scripting attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  1. The application bundles a vulnerable version of Java.
    This vulnerabilities are identified in HP Service Manager versions 9.30 and 9.31 for Windows, Linux, HP-UX, Solaris, and AIX.
  2. Certain unspecified input related to the Web Tier component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  3. An unspecified error in the Web Tier component can be exploited to disclose certain potentially sensitive information.

The vulnerabilities 2 and 3 are identified in version 9.31 for Windows.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure

System / Technologies affected

  • HP Service Manager 9.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 9.31.2004 p2

Vulnerability Identifier

Source

Related Link

Share with

Previous

Cisco IOS XR Deny Service Vulnerability

30 Apr 2013 4203 Views

Next

Novell iPrint Client Unspecified Buffer Overflow Vulnerability

3 May 2013 3974 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY