Vulnerability Note VU#324668
HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities
HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities.
It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities that can be exploited by a remote attacker to execute arbitrary PHP code thus arbitrary commands with administrative privileges.
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - CVE-2013-3573
By combining these vulnerabilities, an authenticated remote attacker may be able to execute arbitrary commands on the server with administrator privileges.
We are currently unaware of a practical solution to this problem.
Restrict Network Access
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||05 Apr 2013||06 Jun 2013|
CVSS Metrics (Learn More)
Thanks to Markus Wulftange from Daimler TSS for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2013-3573 CVE-2013-3574 CVE-2013-3575
- Date Public: 10 Jun 2013
- Date First Published: 10 Jun 2013
- Date Last Updated: 30 Jul 2014
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.