HP-UX PHSS_38147 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19

High Nessus Plugin ID 39377

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.2

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: CVE-2007-3698, CVE-2007-3922, SUN Alert 102995, 102997. (HPSBMA02384 SSRT071465)

- A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBMA02392 SSRT071481)

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). (HPSBMA02388 SSRT080059)

Solution

Install patch PHSS_38147 or subsequent.

See Also

http://www.nessus.org/u?4abf7ab6

http://www.nessus.org/u?04c58123

http://www.nessus.org/u?fb0e7f7d

Plugin Details

Severity: High

ID: 39377

File Name: hpux_PHSS_38147.nasl

Version: 1.26

Type: local

Published: 2009/06/15

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.2

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/11/19

Vulnerability Publication Date: 2007/07/11

Reference Information

CVE: CVE-2007-3698, CVE-2007-3922, CVE-2007-4349, CVE-2007-5000, CVE-2007-6388

BID: 26838, 27237

HP: emr_na-c01601492, emr_na-c01607558, emr_na-c01607570, SSRT071465, SSRT071481, SSRT080059

CWE: 79