CVE-2008-4559

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICAL

EPSS

3.5%

top 12.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Openview Network Node Manager

Timeline

PublishedFeb 8

Latest updateMay 2

Description

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-gg39-vgcm-jw25: HP OpenView Network Node Manager (OV NNM) 7↗2022-05-02

▶

CVEList

CVE-2008-4559: HP OpenView Network Node Manager (OV NNM) 7↗2009-02-08

▶