What is CVE-2010-0447?

CVE-2010-0447 is a vulnerability in Hp Openview_performance_insight, classified under Improper Authentication. Published 2010-03-10.

Is CVE-2010-0447 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Hp Openview_performance_insight

CVE-2010-0447

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upl…

Vulnerability class: Broken Authentication

EPSS: 0.062 (91.0th percentile) — read the EPSS interpretation.

Affected products

Hp Openview_performance_insight
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

HPSBMA02489 (x_refsource_HP, vendor-advisory)
62797 (x_refsource_OSVDB, vdb-entry)
38899 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
20100309 ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
38611 (vdb-entry, x_refsource_BID)
ADV-2010-0555 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
hp-security-alert@hp.com (x_refsource_MISC)
hp-performance-unspec-command-exec(56757) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2010-0447?: CVE-2010-0447 is a vulnerability in Hp Openview_performance_insight, classified under Improper Authentication. Published 2010-03-10.
Is CVE-2010-0447 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.