Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02601 SSRT100316 | First vendor Publication | 2010-10-25 |
| Vendor | HP | Last vendor Modification | 2010-10-25 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified in HP Insight Control Server Migration for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), privilege escalation, or unauthorized access. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02563279 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69186 | HP Insight Control Server Migration Unspecified Remote Data Manipulation HP Insight Control Server Migration contains an unspecified flaw that may allow a remote attacker to obtain sensitive information or manipulate data. No further details have been provided. |
| 69185 | HP Insight Control Server Migration Unspecified Remote Privilege Escalation HP Insight Control Server Migration contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an unspecified error occurs, allowing a remote attacker to gain elevated privileges. |
| 69184 | HP Insight Control Server Migration Unspecified XSS HP Insight Control Server Migration contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
