Release DateDec 22, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can execute arbitrary script code in the context of the affected site. |
DescriptionThis indicates an attack attempt against a Cross Site Scripting vulnerability in HP Network Node Manager i (NNMi).The vulnerability is due to input sanitation errors during GET and POST requests. A Remote attacker can exploit this by sending specially-crafted page with a malicious URI. Successful attacks may allow the attacker to steal authentication cookies and/or private data. |
Affected ProductsHP Network Node Manager i (NNMi) 9.0xHP Network Node Manager i (NNMi) 9.1x |
Recommended ActionsApply patches or fixes from the vendor, available from the website:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03035744 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-4155 |
Reference/shttps://portal.telussecuritylabs.com/threat/TSL20111110-04 |
