Technical Description

Multiple vulnerabilities have been identified in HP Oracle for OpenView, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary data, disclose sensitive information, conduct SQL injection and cross site scripting attacks, or bypass security restrictions. For additional information, see : VUPEN/ADV-2008-1233

Affected Products

HP Oracle for OpenView (OfO) version 8.1.7
HP Oracle for OpenView (OfO) version 9.1.01
HP Oracle for OpenView (OfO) version 9.2
HP Oracle for OpenView (OfO) version 9.2.0
HP Oracle for OpenView (OfO) version 10g
HP Oracle for OpenView (OfO) version 10gR2

Solution

Apply patches :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html

References

http://www.vupen.com/english/advisories/2008/1267
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143

ChangeLog

2008-04-18 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.