5.8 - HPSBUX02755 SSRT100667

Executive Summary

Summary
Title	HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data

Informations
Name	HPSBUX02755 SSRT100667	First vendor Publication	2012-03-27
Vendor	HP	Last vendor Modification	2012-03-27
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03221589

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19616

Oval ID:	oval:org.mitre.oval:def:19616
Title:	HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
Description:	Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-0125	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests SFM-CORE.SFM_PRO_PA version is less than C.07.06.03 AND SFM-CORE.SFM_PRO_IA version is less than C.07.06.03 AND SFM-CORE.CPU-TEST-IA version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COREPA version is less than C.07.06.03 AND SFM-CORE.EMT_COREIA version is less than C.07.06.03 AND SFM-CORE.EMT_COREPA version is less than C.07.06.03 AND SFM-CORE.EMT_DOC version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COREPA version is less than C.07.06.03 AND SFM-CORE.EVWEB_COMM version is less than C.07.06.03 AND SFM-CORE.EVWEB_COREIA version is less than C.07.06.03 AND SFM-CORE.EVWEB_COREPA version is less than C.07.06.03 AND SFM-CORE.EVWEB_DOC version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_COMM version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_IA version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_PA version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COREPA version is less than C.07.06.03 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.CTR_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_CORE_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_DOC_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_MAN_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_COR_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_DOC_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_GUI_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_MAN_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.FMD_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.GS_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.MISC_CORE_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_JOEM_MAN version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND RAIDSA-PROVIDER.RAIDSA-PROV-RUN version is less than B.11.31.1203.06.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests WBEMP-Storage.STORAGE-IP-LIB version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-IP-RUN version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-LWE-RUN version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-PROV-LIB version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-PROV-RUN version is less than B.11.31.1203.07.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests WBEMP-FCP.CSP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.CSP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.CSP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-NIP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-NIP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-RUN version is less than B.11.31.1203.06.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND SAS-PROVIDER.SAS-PROVIDER-RUN version is less than B.11.31.1203.05.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP Release B.11.23 AND filesets tests SysFaultMgmt.SFM-CORE.SFM_PRO_PA version is less than B.07.06.01.02 AND SysFaultMgmt.SFM-CORE.SFM_PRO_IA version is less than B.07.06.01.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP Release B.11.11 AND SysFaultMgmt.SFM-CORE.SFM_PRO_PA version is less than A.04.04.03.02

Definition Id: oval:org.mitre.oval:def:19626

Oval ID:	oval:org.mitre.oval:def:19626
Title:	HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data
Description:	Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-0126	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests SFM-CORE.SFM_PRO_PA version is less than C.07.06.03 AND SFM-CORE.SFM_PRO_IA version is less than C.07.06.03 AND SFM-CORE.CPU-TEST-IA version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.CTR_PRO_COREPA version is less than C.07.06.03 AND SFM-CORE.EMT_COREIA version is less than C.07.06.03 AND SFM-CORE.EMT_COREPA version is less than C.07.06.03 AND SFM-CORE.EMT_DOC version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.EVM_PRO_COREPA version is less than C.07.06.03 AND SFM-CORE.EVWEB_COMM version is less than C.07.06.03 AND SFM-CORE.EVWEB_COREIA version is less than C.07.06.03 AND SFM-CORE.EVWEB_COREPA version is less than C.07.06.03 AND SFM-CORE.EVWEB_DOC version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_COMM version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_IA version is less than C.07.06.03 AND SFM-CORE.EVWEB_GUI_PA version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COMM version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COREIA version is less than C.07.06.03 AND SFM-CORE.FMD_PRO_COREPA version is less than C.07.06.03 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.CTR_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_CORE_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_DOC_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EMT_MAN_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_COR_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_DOC_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_GUI_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.EVWEB_MAN_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.FMD_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.GS_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.MISC_CORE_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_JOEM_MAN version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 AND SFM-JOEM-CORE.SFM_PRO_JOEM version is less than C.07.06.03 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND RAIDSA-PROVIDER.RAIDSA-PROV-RUN version is less than B.11.31.1203.06.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests WBEMP-Storage.STORAGE-IP-LIB version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-IP-RUN version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-LWE-RUN version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-PROV-LIB version is less than B.11.31.1203.07.02 AND WBEMP-Storage.STORAGE-PROV-RUN version is less than B.11.31.1203.07.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND filesets tests WBEMP-FCP.CSP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.CSP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.CSP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-IP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-NIP-LIB version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-NIP-RUN version is less than B.11.31.1203.06.02 AND WBEMP-FCP.FCP-RUN version is less than B.11.31.1203.06.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP-UX B.11.31 AND SAS-PROVIDER.SAS-PROVIDER-RUN version is less than B.11.31.1203.05.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP Release B.11.23 AND filesets tests SysFaultMgmt.SFM-CORE.SFM_PRO_PA version is less than B.07.06.01.02 AND SysFaultMgmt.SFM-CORE.SFM_PRO_IA version is less than B.07.06.01.02 OR Criteria meets HP Security Bulletin HPSBUX02755 HP Release B.11.11 AND SysFaultMgmt.SFM-CORE.SFM_PRO_PA version is less than A.04.04.03.02

CPE : Common Platform Enumeration

Type	Description	Count
Os	Hp Hp-Ux cpe:2.3:o:hp:hp-ux:11.31:::::::* cpe:2.3:o:hp:hp-ux:11.23:::::::* cpe:2.3:o:hp:hp-ux:11.11:::::::*	3

Global Informations

Type	Count
Oval ID(s)	2
CPE ID(s)	3

	Related
5.8	CVE-2012-0126
3.3	CVE-2012-0125
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

5.8 - HPSBUX02755 SSRT100667

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU