HP Operations Manager 9.10 / 9.11 / 9.20 Multiple RCE

Critical Nessus Plugin ID 78512


The remote host is missing vendor-supplied security patches.


The version of HP Operations Manager for Unix installed on the remote host is 9.10, 9.11, or 9.20 without the vendor-supplied patches. It is, therefore, affected by multiple unspecified flaws that allow an unauthenticated, remote attacker to execute arbitrary code.


Apply the relevant patches referenced in the vendor advisory.

See Also


Plugin Details

Severity: Critical

ID: 78512

File Name: hp_operations_manager_HPSMBU03127.nasl

Version: $Revision: 1.7 $

Type: local

Family: Misc.

Published: 2014/10/16

Modified: 2017/01/20

Dependencies: 96607

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:hp:operations_manager

Required KB Items: installed_sw/HPOM_Linux

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/08

Vulnerability Publication Date: 2014/10/08

Reference Information

CVE: CVE-2014-2648, CVE-2014-2649

BID: 70350, 70353

OSVDB: 113004, 113005

HP: emr_na-c04472866, HPSBMU03127, SSRT101727

IAVB: 2014-B-0145