PROBLEM:
HP Onboard Administrator Bugs Let Remote Users Gain Access, Obtain Information, and Conduct URL Redirection Attacks
PLATFORM:
HP Onboard Administrator (OA) up to and including v3.32
ABSTRACT:
A remote user can obtain potentially sensitive information.
reference LINKS:
HP Support Document ID: c03263573
SecurityTracker Alert ID: 1026889
CVE-2012-0128, CVE-2012-0129, CVE-2012-0130
IMPACT ASSESSMENT:
High
Discussion:
Several vulnerabilities were reported in HP Onboard Administrator. A remote user can gain access. A remote user can obtain potentially sensitive information. A remote user can conduct URL redirection attacks.
Impact:
Remote unauthorized access, unauthorized information disclosure, Denial of Service (DoS), URL redirection
Solution:
HP has made Onboard Administrator (OA) v3.50 or subsequent available to resolve the vulnerabilities.