HP Operations Agent helps in monitoring a system by collecting metrics that indicate the health, performance, and availability of essential elements.
HP Operations Agent is vulnerable to a remote cross-site scripting (XSS) attack.
HPOvBbc Component version prior to 11.05.024 in HP Operations Agent
HPOvBbc Component version prior to 11.11.103 in HP Operations Agent
HPOvBbc Component version prior to 11.12.022 in HP Operations Agent
QID Detection Logic:
The QID check the version of the “HPOvBbc” Component in HP Operations Agent by running the command “ovdeploy -inv | grep HPOvBbc”.
Successful exploitation of the vulnerability will lead to a cross-site scripting (XSS) attack.
For more information, customers are advised to refer the vendor advisory.
Configure “LOCAL_INFO_ONLY=TRUE” in the file “bbc.cb” on HP Operations Agent to avoid the vulnerability. Restarting the Agent processes is not required after the configuration change.
Following are links for downloading patches to fix the vulnerabilities: