var-200709-0354
Vulnerability from variot

Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. Hitachi JP1/CM2/Network Node Manager is prone to a code-execution vulnerability. Hitachi JP1/CM2/Network Node Manager 07-10 through 07-10-5, 08-00 through 08-00-03, and 08-10 are vulnerable.



TITLE: HP OpenView Products Shared Trace Service Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID: SA26394

VERIFY ADVISORY: http://secunia.com/advisories/26394/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From local network

SOFTWARE:
* HP OpenView Performance Insight (OVPI) 5.x http://secunia.com/product/15212/
* HP OpenView Dashboard 2.x http://secunia.com/product/15211/
* HP OpenView Business Process Insight (OVBPI) 1.x http://secunia.com/product/15202/
* HP OpenView Business Process Insight (OVBPI) 2.x http://secunia.com/product/15203/
* HP OpenView Service Desk Process Insight (SDPI) 1.x http://secunia.com/product/15204/
* HP OpenView Service Desk Process Insight (SDPI) 2.x http://secunia.com/product/15205/
* HP Business Process Insight (HPBPI) 1.x http://secunia.com/product/15207/
* HP Business Process Insight (HPBPI) 2.x http://secunia.com/product/15208/
* HP Service Desk Process Insight (HPSDPI) 1.x http://secunia.com/product/15209/
* HP Service Desk Process Insight (HPSDPI) 2.x http://secunia.com/product/15210/
* HP OpenView Network Node Manager (NNM) 6.x http://secunia.com/product/2384/
* HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/product/3608/
* HP OpenView Service Quality Manager (OV SQM) 1.x http://secunia.com/product/15200/
* HP OpenView Operations Manager for Windows (OVOW) 7.x http://secunia.com/product/15199/
* HP OpenView Operations HTTPS Agent 8.x http://secunia.com/product/8641/
* HP OpenView Reporter 3.x http://secunia.com/product/15198/
* HP OpenView Performance Agent http://secunia.com/product/2100/
* HP OpenView Performance Manager (OVPM) 5.x http://secunia.com/product/15196/
* HP OpenView Performance Manager (OVPM) 6.x http://secunia.com/product/15197/
* HP OpenView Internet Service (OVIS) 6.x http://secunia.com/product/15195/

DESCRIPTION: Some vulnerabilities have been reported in HP OpenView products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the Shared Trace Service component when handling certain requests. These can be exploited to cause stack-based buffer overflows via sending specially crafted requests to the service.

The vulnerabilities affect the following products and versions:
* HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese), v6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00, vB.60.90.00, and vB.61.90.000
* HP OpenView Performance Manager (OVPM) 5.x and 6.x
* HP OpenView Performance Agent (OVPA) 4.5 and 4.6
* HP OpenView Reporter 3.7
* HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents
* HP OpenView Operations Manager for Windows (OVOW) v7.5 with the OpenView Operations (OVO) add on module for OpenView Operations-Business Availability Center (OVO-BAC)
* HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running HP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and 2.61.110
* HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50 running XPL earlier than 03.10.040
* HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x
* HP OpenView Dashboard v2.01 running HP OpenView Cross Platform Component (XPL) vB.60.90.00 and vB.61.90.000
* HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2, v5.2 running HP OpenView Cross Platform Component (XPL) earlier than v3.10.040

SOLUTION: Apply hotfixes. Please see the vendor's advisories for details.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Cody Pierce, TippingPoint DV Labs. 2) An anonymous researcher, reported via iDefense Labs.

ORIGINAL ADVISORY: HPSBMA02235 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515

HPSBMA02236 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171

HPSBMA02237 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584

HPSBMA02238 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617

HPSBMA02239 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576

HPSBMA02240 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627

HPSBMA02241 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851

HPSBMA02242 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038

HPSBMA02244 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023

HPSBMA02245 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156

HPSBMA02246 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068

iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574



No further information is currently available.

Please see the vendor's advisory for a list of affected products and versions.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0354",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_02"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_10"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_03"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10_02"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_01"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10_01"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_05"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "08_00"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_04"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_03"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-05"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-04"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-03"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-02"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-01"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition 250"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition enterprise"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-10"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-03"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-02"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-01"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_01:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_02:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_03:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_10:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-4720",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2007-001092",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4720",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2007-001092",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200709-046",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. Hitachi JP1/CM2/Network Node Manager is prone to a code-execution vulnerability. \nHitachi JP1/CM2/Network Node Manager 07-10 through 07-10-5, 08-00 through 08-00-03, and 08-10 are vulnerable. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHP OpenView Products Shared Trace Service Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26394\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26394/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nHP OpenView Performance Insight (OVPI) 5.x\nhttp://secunia.com/product/15212/\nHP OpenView Dashboard 2.x\nhttp://secunia.com/product/15211/\nHP OpenView Business Process Insight (OVBPI) 1.x\nhttp://secunia.com/product/15202/\nHP OpenView Business Process Insight (OVBPI) 2.x\nhttp://secunia.com/product/15203/\nHP OpenView Service Desk Process Insight (SDPI) 1.x\nhttp://secunia.com/product/15204/\nHP OpenView Service Desk Process Insight (SDPI) 2.x\nhttp://secunia.com/product/15205/\nHP Business Process Insight (HPBPI) 1.x\nhttp://secunia.com/product/15207/\nHP Business Process Insight (HPBPI) 2.x\nhttp://secunia.com/product/15208/\nHP Service Desk Process Insight (HPSDPI) 
1.x\nhttp://secunia.com/product/15209/\nHP Service Desk Process Insight (HPSDPI) 2.x\nhttp://secunia.com/product/15210/\nHP OpenView Network Node Manager (NNM) 6.x\nhttp://secunia.com/product/2384/\nHP OpenView Network Node Manager (NNM) 7.x\nhttp://secunia.com/product/3608/\nHP OpenView Service Quality Manager (OV SQM) 1.x\nhttp://secunia.com/product/15200/\nHP OpenView Operations Manager for Windows (OVOW) 7.x\nhttp://secunia.com/product/15199/\nHP OpenView Operations HTTPS Agent 8.x\nhttp://secunia.com/product/8641/\nHP OpenView Reporter 3.x\nhttp://secunia.com/product/15198/\nHP OpenView Performance Agent\nhttp://secunia.com/product/2100/\nHP OpenView Performance Manager (OVPM) 5.x\nhttp://secunia.com/product/15196/\nHP OpenView Performance Manager (OVPM) 6.x\nhttp://secunia.com/product/15197/\nHP OpenView Internet Service (OVIS) 6.x\nhttp://secunia.com/product/15195/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in HP OpenView products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerabilities are caused due to boundary errors within the\nShared Trace Service component when handling certain requests. These\ncan be exploited to cause stack-based buffer overflows via sending\nspecially crafted requests to the service. 
\n\nThe vulnerabilities affect the following products and versions:\n* HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese),\nv6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00,\nvB.60.90.00, and vB.61.90.000\n* HP OpenView Performance Manager (OVPM) 5.x and 6.x\n* HP OpenView Performance Agent (OVPA) 4.5 and 4.6\n* HP OpenView Reporter 3.7\n* HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents\n* HP OpenView Operations Manager for Windows (OVOW) v7.5 with the\nOpenView Operations (OVO) add on module for OpenView\nOperations-Business Availability Center (OVO-BAC)\n* HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running\nHP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and\n2.61.110\n* HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50\nrunning XPL earlier than 03.10.040\n* HP OpenView Business Process Insight (OVBPI), HP Business Process\nInsight (HPBPI) , HP OpenView Service Desk Process Insight (SDPI),\nand HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x\nand 2.10x\n* HP OpenView Dashboard v2.01 running HP OpenView Cross Platform\nComponent (XPL) vB.60.90.00 and vB.61.90.000\n* HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2,\nv5.2 running HP OpenView Cross Platform Component (XPL) earlier than\nv3.10.040\n\nSOLUTION:\nApply hotfixes. Please see the vendor\u0027s advisories for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Cody Pierce, TippingPoint DV Labs. \n2) An anonymous researcher, reported via iDefense Labs. 
\n\nORIGINAL ADVISORY:\nHPSBMA02235 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515\n\nHPSBMA02236 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171\n\nHPSBMA02237 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584\n\nHPSBMA02238 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617\n\nHPSBMA02239 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576\n\nHPSBMA02240 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627\n\nHPSBMA02241 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851\n\nHPSBMA02242 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038\n\nHPSBMA02244 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023\n\nHPSBMA02245 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156\n\nHPSBMA02246 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. No further information is currently available. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4720",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "25520",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "26668",
        "trust": 2.6
      },
      {
        "db": "HITACHI",
        "id": "HS07-030",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "37859",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3035",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "36374",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "26394",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58426",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59014",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "id": "VAR-200709-0354",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15072303
  },
  "last_update_date": "2023-12-18T13:45:07.177000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS07-030",
        "trust": 0.8,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-030_e/index-e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/26668"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/25520"
      },
      {
        "trust": 2.0,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-030_e/index-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/37859"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3035"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/36374"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/3035"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4720"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4720"
      },
      {
        "trust": 0.3,
        "url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/26394/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2384/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15200/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15197/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01110627"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01112038"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15202/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15208/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15210/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109617"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15196/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15209/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15195/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01106515"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15203/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01115068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3608/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15199/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15205/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01114023"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15212/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15207/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15211/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15204/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109171"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15198/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01111851"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109584"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01114156"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8641/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01110576"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2100/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9570/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26668/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-03T00:00:00",
        "db": "BID",
        "id": "25520"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "date": "2007-08-11T21:26:09",
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "date": "2007-09-05T02:20:04",
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "date": "2007-09-05T19:17:00",
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "date": "2007-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "25520"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "date": "2017-07-29T01:33:08.397000",
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "date": "2007-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.