HP Intelligent Management Center APM Module < 7.0 E0101 SQL Injection

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The version of the HP Intelligent Management Center Application
Performance Manager module on the remote host is affected by a SQL
injection vulnerability.

Description :

The version of the HP Intelligent Management Center Application
Performance Manager Module on the remote host does not properly sanitize
the 'monitorId' parameter in the 'AppDataDaoImpl' class, allowing for
remote SQL injection attacks.

See also :

http://www.nessus.org/u?4ad86b35
http://www.zerodayinitiative.com/advisories/ZDI-13-243/

Solution :

Upgrade to the iMC APM module to version 7.0 E0101 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71890 ()

Bugtraq ID: 62900

CVE ID: CVE-2013-4827

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now