CVE-2009-4000 — HIGH (10.0)

Q: How severe is CVE-2009-4000?

CVE-2009-4000 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-4000?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Power Manager.

Vulnerability Description

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Hp	Power Manager	<= 4.2.9

Related Weaknesses (CWE)

CWE-22

References

http://marc.info/?l=bugtraq&m=126393370331959&w=2Vendor Advisory
http://secunia.com/advisories/37280Vendor Advisory
http://secunia.com/secunia_research/2009-48/Vendor Advisory
http://securitytracker.com/id?1023470
http://www.securityfocus.com/bid/37873
http://marc.info/?l=bugtraq&m=126393370331959&w=2Vendor Advisory
http://secunia.com/advisories/37280Vendor Advisory
http://secunia.com/secunia_research/2009-48/Vendor Advisory
http://securitytracker.com/id?1023470
http://www.securityfocus.com/bid/37873

FAQ

What is CVE-2009-4000?

CVE-2009-4000 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory travers...

How severe is CVE-2009-4000?

CVE-2009-4000 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-4000?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Power Manager.