10
CVE-2010-0447
- EPSS 5.66%
- Veröffentlicht 10.03.2010 22:30:01
- Zuletzt bearbeitet 16.06.2026 23:16:11
- Quelle hp-security-alert@hp.com
- CVE-Watchlists
- Unerledigt
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ Openview Performance Insight Version <= 5.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.66% | 0.92 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://marc.info/?l=bugtraq&m=126815897824020&w=2
http://osvdb.org/62797
http://secunia.com/advisories/38899
http://www.securityfocus.com/archive/1/509984/100/0/threaded
http://www.securityfocus.com/bid/38611
http://www.vupen.com/english/advisories/2010/0555
http://www.zerodayinitiative.com/advisories/ZDI-10-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/56757