First published: Wed Feb 02 2011(Updated: )
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.
Credit: hp-security-alert@hp.com
Affected Software | Affected Version | How to fix |
---|---|---|
HP OpenView Performance Insight | =5.2 | |
HP OpenView Performance Insight | =5.41 | |
HP OpenView Performance Insight | =5.31 | |
HP OpenView Performance Insight | =5.4 | |
HP OpenView Performance Insight | =5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-0276 is classified as a critical vulnerability due to its potential for remote code execution.
To fix CVE-2011-0276, users should upgrade to the latest version of HP OpenView Performance Insight that addresses this vulnerability.
CVE-2011-0276 affects HP OpenView Performance Insight versions 5.2, 5.3, 5.31, 5.4, and 5.41.
Yes, CVE-2011-0276 can be exploited remotely by attackers through the affected application's doPost method.
If using an affected version of HP OpenView Performance Insight, it is crucial to update to a patched version immediately to mitigate risks.