You are here

U-142: HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks

April 6, 2012 - 7:00am

Addthis

PROBLEM:

HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks

PLATFORM:

HP Onboard Administrator (OA) up to and including v3.32

ABSTRACT:

A remote user can obtain potentially sensitive information.

reference LINKS:

HP Support Document ID: c03263573
SecurityTracker Alert ID: 1026889
CVE-2012-0128, CVE-2012-0129, CVE-2012-0130

IMPACT ASSESSMENT:

High

Discussion:

Several vulnerabilities were reported in HP Onboard Administrator. A remote user can gain access. A remote user can obtain potentially sensitive information. A remote user can conduct URL redirection attacks.

Impact:

Remote unauthorized access, unauthorized information disclosure, Denial of Service (DoS), URL redirection

Solution:

HP has made Onboard Administrator (OA) v3.50 or subsequent available to resolve the vulnerabilities.

 

Addthis