This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2010-03-10
Product Openview Performance Insight Last view 2011-08-19
Version 5.4 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hp:openview_performance_insight

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2011-08-19 CVE-2011-2410

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.4 2011-08-11 CVE-2011-2407

Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors.

3.5 2011-08-11 CVE-2011-2406

Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

10 2011-02-01 CVE-2011-0276

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

10 2010-03-10 CVE-2010-0447

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-287 Improper Authentication

SAINT Exploits

Description Link
HP OpenView Performance Insight Server Backdoor Account More info here

Open Source Vulnerability Database (OSVDB)

id Description
74669 HP OpenView Performance Insight Unspecified XSS
74395 HP OpenView Performance Insight Unspecified Access Restriction Bypass
74394 HP OpenView Performance Insight Unspecified Arbitrary Code Execution
70754 HP OpenView Performance Insight com.trinagy.security.XMLUserManager Default A...
62797 HP OpenView Performance Insight helpmanager Servlet JSP Document Upload Arbit...

OpenVAS Exploits

id Description
2011-08-16 Name : HP OpenView Performance Insight Security Bypass and HTML Injection Vulnerabil...
File : nvt/gb_hp_performance_insight_49096.nasl
2011-02-03 Name : HP OpenView Performance Insight Server 'doPost()' Remote Arbitrary Code Execu...
File : nvt/gb_hp_performance_insight_46079.nasl

Snort® IPS/IDS

Date Description
2014-01-10 HP OpenView Performance Insight Server backdoor account code execution attempt
RuleID : 18560 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 HP OpenView Performance Insight Server backdoor account code execution attempt
RuleID : 18559 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

id Description
2011-08-12 Name: A web application running on the remote host has a cross-site scripting vulne...
File: hp_openview_perf_insight_sendemail_xss.nasl - Type: ACT_ATTACK
2011-02-02 Name: It is possible to log on the remote web application by using a hidden account.
File: hp_openview_perf_insight_backdoor.nasl - Type: ACT_ATTACK