CVE-2011-0271

HIGH

Description

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=887

http://www.securityfocus.com/archive/1/515628

http://www.securityfocus.com/bid/45762

http://www.securitytracker.com/id?1024951

http://www.vupen.com/english/advisories/2011/0085

https://exchange.xforce.ibmcloud.com/vulnerabilities/64657

Details

Source: MITRE

Published: 2011-01-13

Updated: 2017-08-17

Type: CWE-78

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH