HP Intelligent Management Center User Access Manager < 5.0 E0101P03 Code Execution Vulnerability

Critical Nessus Network Monitor Plugin ID 5983


The remote host has an application installed that is vulnerable to a code execution attack.


Versions of HP Intelligent Management Center User Access Manager earlier than 5.0 E0101P03 are potentially affected by a code execution vulnerability in the 'iNOdeMngChecker.exe' component which listens by default on TCP port 9090 because the application fails to validate user supplied data when handling a '0x0A0BF007' packet type. A remote unauthenticated attacker, exploiting this flaw, could potentially execute arbitrary code on the remote host subject to the privileges of the user running the affected application.


Upgrade to HP Intelligent Management Center User Access Manager 5.0 E0101P03 or later.

See Also



Plugin Details

Severity: Critical

ID: 5983

File Name: 5983.prm

Family: Generic

Published: 2011/07/08

Modified: 2016/01/19

Dependencies: 5926

Nessus ID: 55577

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 8.5


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2011/06/30

Vulnerability Publication Date: 2011/07/01

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2011-1867

BID: 48527

OSVDB: 73597