HP Service Manager身份验证绕过漏洞

admin
admin
admin
0
文章
0
评论
2023-12-07 15:33:37 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
HP Service Manager身份验证绕过漏洞

CVE编号

CVE-2013-4808

利用情况

暂无

补丁情况

N/A

披露时间

2013-08-18
漏洞描述
HP Service Manager是ITSM的核心软件。 HP Service Manager v9.31, v9.30, v9.21, v7.11存在允许未经身份验证访问和权限提升漏洞攻击者可利用此漏洞在未经身份验证的情况下访问受影响应用并以提升的权限执行未授权操作。
解决建议
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:SM 9.31P2 Server platformPatch URLWindows Server 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00423HP Itanium Server 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00420Linux Server 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00421Solaris Server 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00422AIX Server 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00419SM 9.31P2 Web TierPatch URLWeb Tier 9.31.2004 p2http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00424SM 9.30P5 Server platformPatch URLWindows Server 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00351HP Itanium Server 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00348Linux Server 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00349Solaris Server 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00350AIX Server 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00347SM 9.30P5 Web TierPatch URLWeb Tier 9.30.511 p5http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00352SM 9.30AP3 ApplicationsPatch URLApplications 9.30 ap3http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00367SM 9.21P7 Server platformPatch URLWindows Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00434HP Itanium Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00430HP Parisc Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00431Linux Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00432Solaris Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00433AIX Server 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00429SM 9.21P7 Web TierPatch URLWeb Tier 9.21.624 p7http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00435SM 9.21AP3 ApplicationsPatch URLApplications 9.21 ap3http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00393SM 7.11P20 Server platformPatch URLWindows Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00408HP Itanium Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00404HP Parisc Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00405Linux Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00406Solaris Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00407AIX Server 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00403SM 7.11P20 Web TierPatch URLWeb Tier 7.11.604 p20http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00409SM 7.11AP3 ApplicationsPatch URLApplications 7.11 ap3http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00383SC6.2.8.12 Server platformPatch URLAix Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00263HP Itanium Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00264HP parisc Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00265Linux Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00266Solaris Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00267Windows Server 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00268SC6.2.8.12 Web TierPatch URLWeb Tier 6.2.8.12http://support.openview.hp.com/selfsolve/document/LID/HPSC_00269
参考链接
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay...
http://secunia.com/advisories/54546
http://www.securitytracker.com/id/1028912
https://exchange.xforce.ibmcloud.com/vulnerabilities/86444
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 hp service_center 6.2.8 -
运行在以下环境
应用 hp service_manager 7.11 -
运行在以下环境
应用 hp service_manager 9.21 -
运行在以下环境
应用 hp service_manager 9.30 -
运行在以下环境
应用 hp service_manager 9.31 -
CVSS3评分 10.0
  • 攻击路径 网络
  • 攻击复杂度 低
  • 权限要求 无
  • 影响范围 N/A
  • 用户交互 无
  • 可用性 完全地
  • 保密性 完全地
  • 完整性 完全地
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-ID 漏洞类型
NVD-CWE-noinfo
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
N/A Ali_nvd

N/A

N/ACVE编号 CVE-2024-9120利用情况 暂无补丁情况 N/A披露时间 2024-09-23漏洞描述Use after free in Dawn
09-260 评论
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0