|
Description
|
|
Multiple vulnerabilities have been reported in HP Intelligent Management Center (IMC), which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a vulnerable system.
1) Certain unspecified input passed to imc/topo/topoContent.jsf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Some errors within the "FaultDownloadServlet", "ReportImgServlet", "IctDownloadServlet", "DownloadReportSourceServlet", "DownloadServlet", "acmServletDownload", "tamServletDownload", "SyslogDownloadServlet", and "RssServlet" servlets can be exploited to disclose the contents of arbitrary file and gain access to administrative credentials.
3) Some errors in the "mibFileUpload" and "flexFileUpload" servlets can be exploited to upload arbitrary files to arbitrary locations.
4) An error within the communication channel mechanism when handling communication between the JavaService server and the Monitoring Deployment Agent can be exploited to disclose administrative credentials.
The vulnerabilities are reported in HP Intelligent Management Center (IMC) Standard and Enterprise Editions versions prior to 5.1 E0202 and HP Intelligent Management Center (IMC) TACACS+ Authentication Manager and User Access Manager versions prior to 5.1.
|
