Hidden Account Vulnerability in HP OpenView Performance Insight Server

Hidden Account Vulnerability in HP OpenView Performance Insight Server

CVE-2011-0276 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

Learn more about our Cis Benchmark Audit For Server Software.