Short Name |
APP:HPIM-SOM-EUACCNT-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
HP Intelligent Management Center SOM euAccountSerivce Authentication Bypass |
Release Date |
2013/11/20 |
Update Number |
2321 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects a known authentication bypass vulnerability in the SOM add-in module of HP Intelligent Management Center. It is due to a lack of authentication in the euAccountSerivce (sic) servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to create a web administration account on a target system.
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.