HP Intelligent Management Center APM Module < 7.0 E0101 SQL Injection

high Nessus Plugin ID 71890

Synopsis

The version of the HP Intelligent Management Center Application Performance Manager module on the remote host is affected by a SQL injection vulnerability.

Description

The version of the HP Intelligent Management Center Application Performance Manager Module on the remote host does not properly sanitize the 'monitorId' parameter in the 'AppDataDaoImpl' class, allowing for remote SQL injection attacks.

Solution

Upgrade the iMC APM module to version 7.0 E0101 or later.

See Also

http://www.nessus.org/u?4d029e6b

https://www.zerodayinitiative.com/advisories/ZDI-13-243/

Plugin Details

Severity: High

ID: 71890

File Name: hp_imc_apm_70_e0101.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 1/9/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hp:intelligent_management_center

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2013

Vulnerability Publication Date: 10/8/2013

Reference Information

CVE: CVE-2013-4827

BID: 62900