HP OpenView Communication Broker Arbitrary File Deletion (HPSBMU02691)

medium Nessus Plugin ID 70171

Synopsis

The remote web server has an arbitrary file deletion vulnerability.

Description

According to its self-reported version, the version of the HP OpenView Communication Broker service running on the remote host has a vulnerability that could allow an unauthenticated attacker to delete arbitrary files on the system. Successful exploits will result in a denial of service condition or the corruption of applications running on the affected system.

Note that the Communication Broker can be found in various HP products such as HP Operations Agent, HP OpenView Performance Agent, and HP SiteScope.

Solution

Apply the relevant update referenced in HP Security Bulletin HPSBMU02691.

See Also

http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt

http://www.nessus.org/u?ebf8f8f8

Plugin Details

Severity: Medium

ID: 70171

File Name: hp_openview_bbc_file_deletion.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 9/27/2013

Updated: 7/12/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hp:openview

Required KB Items: Settings/ParanoidReport, Services/ovbbc

Exploit Ease: No known exploits are available

Patch Publication Date: 7/27/2011

Vulnerability Publication Date: 7/27/2011

Reference Information

CVE: CVE-2011-2608

BID: 48481

HP: HPSBMU02691, SSRT100483, emr_na-c02941034