CVE-2011-2608 — Improper Input Validation in HP Openview Performance Agent

CWE-20 — Improper Input Validation2 documents2 sources

Severity

6.4MEDIUMNVD

EPSS

0.8%

top 25.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Openview Performance Agent HP Operations Agent

Timeline

PublishedJul 1

Latest updateMay 17

Description

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDhp/openview_performance_agent4.70, 5.0+1

▶NVDhp/operations_agent7 versions+6

🔴Vulnerability Details

GHSA

GHSA-jp3v-q9r4-cpq5: ovbbccb↗2022-05-17

▶