search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HP Business Service Management 9.12 remote code execution vulnerability

Vulnerability Note VU#859230

Original Release Date: 2012-05-16 | Last Revised: 2012-05-16

Overview

The HP Business Service Management (HPBSM) application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected.

Description

HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains open ports that may be accessed by an unauthenticated attacker. The attacker can upload a jsp-shell as a .war file and have the JBOSS application server deploy it as a service. In the default configuration, this attacker shell will run with SYSTEM privileges.

Impact

An unauthenticated attacker may be able to deploy a backdoor shell with SYSTEM privileges.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds.

Restrict Access

Implement appropriate firewall rules to block traffic from untrusted sources to TCP ports 4444, 1098, and 1099.

Vendor Information

859230
 
Affected   Unknown   Unaffected

Hewlett-Packard Company

Notified:  April 02, 2012 Updated:  May 14, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9.0 E:H/RL:U/RC:UC
Environmental 9 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to David Elze of Daimler TSS for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2012-2561
Date Public: 2012-05-16
Date First Published: 2012-05-16
Date Last Updated: 2012-05-16 14:25 UTC
Document Revision: 17

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.