CVE-2012-2561

critical

Description

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

References

http://www.securitytracker.com/id?1027075

http://www.securityfocus.com/bid/53556

http://www.kb.cert.org/vuls/id/859230

http://secunia.com/advisories/49218

http://osvdb.org/81981

http://marc.info/?l=bugtraq&m=134013352316810&w=2

Details

Source: Mitre, NVD

Published: 2012-05-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04326