First published: Thu Jul 05 2012(Updated: )
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: hp-security-alert@hp.com
Affected Software | Affected Version | How to fix |
---|---|---|
HP Network Node Manager i | =8.10 | |
HP Network Node Manager i | =8.11.002 | |
HP Network Node Manager i | =8.12.004 | |
HP Network Node Manager i | =8.13.005 | |
HP Network Node Manager i | =8.13.006 | |
HP Network Node Manager i | =9.0 | |
HP Network Node Manager i | =9.01 | |
HP Network Node Manager i | =9.02 | |
HP Network Node Manager i | =9.03 | |
HP Network Node Manager i | =9.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-2018 is classified as a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary web script or HTML.
To mitigate CVE-2012-2018, it is recommended to upgrade to a fixed version of HP Network Node Manager i that addresses this vulnerability.
CVE-2012-2018 affects HP Network Node Manager i versions 8.x, 9.0x, and 9.1x.
CVE-2012-2018 can be exploited by remote attackers to execute arbitrary web scripts or HTML in the context of the user's browser.
While upgrading is the best solution, restricting access to the affected application may serve as a temporary workaround for CVE-2012-2018.