HP OpenView Network Node Manager is prone to multiple remote code- execution vulnerabilities. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application's webserver. Failed exploit attempts will likely result in denial-of-service conditions. OpenView Network Node Manager 7.51 and 7.53 are vulnerable.

Updates are available. Please see the references for details.

• http://openview.hp.com/
• http://www.securityfocus.com/archive/1/515628
• http://www.zerodayinitiative.com/advisories/ZDI-11-003/
• http://www.zerodayinitiative.com/advisories/ZDI-11-004/
• http://www.zerodayinitiative.com/advisories/ZDI-11-005/
• http://www.zerodayinitiative.com/advisories/ZDI-11-006/
• http://www.zerodayinitiative.com/advisories/ZDI-11-007/
• http://www.zerodayinitiative.com/advisories/ZDI-11-008/
• http://www.zerodayinitiative.com/advisories/ZDI-11-009/
• http://www.zerodayinitiative.com/advisories/ZDI-11-010/
• http://www.zerodayinitiative.com/advisories/ZDI-11-011/
• http://www.zerodayinitiative.com/advisories/ZDI-11-012/
• https://www.securityfocus.com/bid/45762

---

Updated on 2015-03-25