Nortel Response to HP OpenView Potential Vulnerabilities
| Description: |
Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories Hewlett Packard has recently provided fixes for 2 publicly announced potential security vulnerabilities with their OpenView product. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following potential vulnerabilities: 1) HP OpenView Network Node Manager Input Validation Hole Permits Cross-Site Scripting Attacks A vulnerability was reported in HP OpenView Network Node Manager. A remote user can conduct cross-site scripting attacks. Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01218087 Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the OpenView software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. 2) HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code (CVE-2007-6204) A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923 Impact: A remote user can execute arbitrary code on the target system. |
| Type: |
Security Advisories |
| Number: |
2008008587, Rev 1 |
| Status: |
Retired |
| Date: |
2008-05-01 |
