You are here

U-135: HP WBEM Discloses Diagnostic Data to Remote and Local Users

March 28, 2012 - 7:00am

Addthis

PROBLEM:

HP WBEM Discloses Diagnostic Data to Remote and Local Users

PLATFORM:

HP-UX 11.11, 11.23, and 11.31

ABSTRACT:

Two vulnerabilities were reported in HP WBEM. A remote or local user can gain access to diagnostic data.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026849
CVE-2012-0125
CVE-2012-0126

iIMPACT ASSESSMENT

Medium

Discussion:

A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data.

Impact:

A remote or local user can gain access to diagnostic data.

Solution:

The vendor has issued a fix.

Addthis