CVE-2008-4560

CWE-200 — Information Exposure3 documents3 sources

Severity

7.8HIGH

EPSS

0.4%

top 37.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Openview Network Node Manager

Timeline

PublishedFeb 8

Latest updateMay 2

Description

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-72c7-mpv6-r75h: HP OpenView Network Node Manager (OV NNM) 7↗2022-05-02

▶

CVEList

CVE-2008-4560: HP OpenView Network Node Manager (OV NNM) 7↗2009-02-08

▶