HP OpenView Communication Broker Arbitrary File Deletion (HPSBMU02691)

Medium Nessus Plugin ID 70171


The remote web server has an arbitrary file deletion vulnerability.


According to its self-reported version, the version of the HP OpenView Communication Broker service running on the remote host has a vulnerability that could allow an unauthenticated attacker to delete arbitrary files on the system. Successful exploits will result in a denial of service condition or the corruption of applications running on the affected system.

Note that the Communication Broker can be found in various HP products such as HP Operations Agent, HP OpenView Performance Agent, and HP SiteScope.


Apply the relevant update referenced in HP Security Bulletin HPSBMU02691.

See Also



Plugin Details

Severity: Medium

ID: 70171

File Name: hp_openview_bbc_file_deletion.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2013/09/27

Modified: 2014/10/24

Dependencies: 22318

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview

Required KB Items: Services/ovbbc, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/07/27

Vulnerability Publication Date: 2011/07/27

Reference Information

CVE: CVE-2011-2608

BID: 48481

OSVDB: 73502

HP: HPSBMU02691, SSRT100483, emr_na-c02941034