CVE-2014-2647 HP Operations Agent Remote Cross-site Scripting Vulnerability (HPSBMU03126)

漏洞类别:Local

漏洞等级:

漏洞信息

HP Operations Agent helps in monitoring a system by collecting metrics that indicate the health, performance, and availability of essential elements.

HP Operations Agent is vulnerable to a remote cross-site scripting (XSS) attack.

Affected Versions:
HPOvBbc Component version prior to 11.05.024 in HP Operations Agent
HPOvBbc Component version prior to 11.11.103 in HP Operations Agent
HPOvBbc Component version prior to 11.12.022 in HP Operations Agent

QID Detection Logic:
The QID check the version of the “HPOvBbc” Component in HP Operations Agent by running the command “ovdeploy -inv | grep HPOvBbc”.

漏洞危害

Successful exploitation of the vulnerability will lead to a cross-site scripting (XSS) attack.

解决方案

For more information, customers are advised to refer the vendor advisory.

Workaround:
Configure “LOCAL_INFO_ONLY=TRUE” in the file “bbc.cb” on HP Operations Agent to avoid the vulnerability. Restarting the Agent processes is not required after the configuration change.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HPSBMU03126

Leave a Reply