CVE-2009-4000

Опубликовано: 20 янв. 2010

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

Ссылки

http://marc.info/?l=bugtraq&m=126393370331959&w=2
Vendor Advisory
http://secunia.com/advisories/37280
Vendor Advisory
http://secunia.com/secunia_research/2009-48/
Vendor Advisory
http://securitytracker.com/id?1023470
http://www.securityfocus.com/bid/37873
http://marc.info/?l=bugtraq&m=126393370331959&w=2
Vendor Advisory
http://secunia.com/advisories/37280
Vendor Advisory
http://secunia.com/secunia_research/2009-48/
Vendor Advisory
http://securitytracker.com/id?1023470
http://www.securityfocus.com/bid/37873

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*

Версия до 4.2.9 (включая)

cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*

cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.31575

Средний

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-c9fx-632j-32qj

github

почти 4 года назад