HP Intelligent Management Center Branch Intelligent Management Module Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of the HP Branch Intelligent Management System module
on the remote host is affected by multiple vulnerabilities.

Description :

The version of the HP Intelligent Management Center Branch Intelligent
Management System module on the remote host is a version prior to 5.2
E0401 and is potentially affected by multiple vulnerabilities :

- The 'bimsDownload' servlet is not protected by
authentication and could be used to access any file on
the system remotely. (CVE-2013-4823)

- The 'UploadServlet' in the BIMS module allows
unauthenticated users to remotely upload arbitrary files
to specific locations on the host. (CVE-2013-4822)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-238/
http://www.zerodayinitiative.com/advisories/ZDI-13-239/
http://www.nessus.org/u?fba0dff8

Solution :

Upgrade the iMC BIMS module to version 5.2 E0401 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71891

Bugtraq ID: 62895, 62897

CVE ID: CVE-2013-4822, CVE-2013-4823