HP Intelligent Management Center APM Module < 7.0 E0101 SQL Injection

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of the HP Intelligent Management Center Application
Performance Manager module on the remote host is affected by a SQL
injection vulnerability.

Description :

The version of the HP Intelligent Management Center Application
Performance Manager Module on the remote host does not properly sanitize
the 'monitorId' parameter in the 'AppDataDaoImpl' class, allowing for
remote SQL injection attacks.

See also :

http://www.nessus.org/u?79290a02
http://www.zerodayinitiative.com/advisories/ZDI-13-243/

Solution :

Upgrade the iMC APM module to version 7.0 E0101 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71890

Bugtraq ID: 62900

CVE ID: CVE-2013-4827