HP OpenView Communication Broker Arbitrary File Deletion (HPSBMU02691)

Medium Nessus Plugin ID 70171

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.7

Synopsis

The remote web server has an arbitrary file deletion vulnerability.

Description

According to its self-reported version, the version of the HP OpenView Communication Broker service running on the remote host has a vulnerability that could allow an unauthenticated attacker to delete arbitrary files on the system. Successful exploits will result in a denial of service condition or the corruption of applications running on the affected system.

Note that the Communication Broker can be found in various HP products such as HP Operations Agent, HP OpenView Performance Agent, and HP SiteScope.

Solution

Apply the relevant update referenced in HP Security Bulletin HPSBMU02691.

See Also

http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt

http://www.nessus.org/u?ebf8f8f8

Plugin Details

Severity: Medium

ID: 70171

File Name: hp_openview_bbc_file_deletion.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 2013/09/27

Updated: 2018/07/12

Dependencies: 22318

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

VPR Score: 3.7

CVSS v2.0

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview

Required KB Items: Services/ovbbc, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/07/27

Vulnerability Publication Date: 2011/07/27

Reference Information

CVE: CVE-2011-2608

BID: 48481

HP: HPSBMU02691, SSRT100483, emr_na-c02941034