HP Intelligent Management Center Branch Intelligent Management Module Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A web application hosted on the remote web server is affected by an
information disclosure vulnerability.

Description :

An information disclosure vulnerability in the 'bimsDownload' servlet
included with the HP Intelligent Management Center Branch Intelligent
Management Module allows arbitrary files on the host to be accessed
remotely.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-239/
http://www.nessus.org/u?fba0dff8

Solution :

Upgrade the iMC BIMS module to version 5.2 E0401 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71887

Bugtraq ID: 62897

CVE ID: CVE-2013-4823