Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в HP Service Manager / HP Service Center
Опубликовано:10 июня 2011 г.
Источник:
SecurityVulns ID:11723
Тип:удаленная
Уровень опасности:
5/10
Описание:Несанкционированный доступ, повышение привилегий, утечка информации, перехват HTTP-сеанса, межсайтовый сериптинг.
Затронутые продукты:HP : HP Service Manager 9.21
 HP : HP Service Manager 9.20
 HP : HP Service Manager 7.11
 HP : HP Service Manager 7.02
 HP : HP Service Manager client 9.21
 HP : HP Service Manager client 9.20
 HP : HP Service Manager client 7.11
 HP : HP Service Manager client 7.02
 HP : HP Service Center 6.2
 HP : HP Service Center client 6.2
CVE:CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.)
 CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.)
 CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.)
 CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.)
 CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS (10.06.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород