CVE-2012-2561 — HP Business Service Management vulnerability

CWE-2644 documents4 sources

Severity

10.0CRITICALNVD

EPSS

4.2%

top 11.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Business Service Management

Timeline

PublishedMay 21

Latest updateMay 17

Description

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/business_service_management9.12

🔴Vulnerability Details

GHSA

GHSA-6c74-9v8c-c8ch: HP Business Service Management (BSM) 9↗2022-05-17

▶

CVEList

CVE-2012-2561: HP Business Service Management (BSM) 9↗2012-05-21

▶

💬Community

Bugzilla

CVE-2012-0283 dokuwiki: XSS flaw in tpl_mediaFileList()↗2012-07-16

▶