Release date:
Updated on:
Affected Systems:
HP Systems Insight Manager 6.x
HP Systems Insight Manager 5.x
HP Systems Insight Manager 4.x
Unaffected Systems:
HP Systems Insight Manager 7.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53315
CVE ID: CVE-2012-1994, CVE-2012-1995, CVE-2012-1996, CVE-2012-1997, CVE-2012-1998
HP Systems Insight Manager is a solution for managing HP servers and storage.
Versions of HP Systems Insight Manager earlier than 7.0 contain multiple remote security vulnerabilities: unauthorized access, information disclosure, cross-site request forgery, remote privilege escalation, URL redirection, and authentication bypass. Attackers can exploit these vulnerabilities to perform unauthorized operations, obtain sensitive information, bypass security restrictions, escalate privileges, and redirect users to malicious websites.
<* Source: HP
Link: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a security bulletin (HPSBMU02769) and a corresponding patch for these vulnerabilities:
HPSBMU02769: SSRT100846 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities
Link: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/