CVE编号
CVE-2013-4808利用情况
暂无补丁情况
N/A披露时间
2013-08-18漏洞描述
HP Service Manager是ITSM的核心软件。HP Service Manager v9.31, v9.30, v9.21, v7.11存在允许未经身份验证访问和权限提升漏洞攻击者可利用此漏洞在未经身份验证的情况下访问受影响应用并以提升的权限执行未授权操作。
解决建议
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:SM 9.31P2 Server platform
Patch URL
Windows Server 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00423
HP Itanium Server 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00420
Linux Server 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00421
Solaris Server 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00422
AIX Server 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00419
SM 9.31P2 Web Tier
Patch URL
Web Tier 9.31.2004 p2
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00424
SM 9.30P5 Server platform
Patch URL
Windows Server 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00351
HP Itanium Server 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00348
Linux Server 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00349
Solaris Server 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00350
AIX Server 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00347
SM 9.30P5 Web Tier
Patch URL
Web Tier 9.30.511 p5
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00352
SM 9.30AP3 Applications
Patch URL
Applications 9.30 ap3
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00367
SM 9.21P7 Server platform
Patch URL
Windows Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00434
HP Itanium Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00430
HP Parisc Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00431
Linux Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00432
Solaris Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00433
AIX Server 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00429
SM 9.21P7 Web Tier
Patch URL
Web Tier 9.21.624 p7
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00435
SM 9.21AP3 Applications
Patch URL
Applications 9.21 ap3
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00393
SM 7.11P20 Server platform
Patch URL
Windows Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00408
HP Itanium Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00404
HP Parisc Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00405
Linux Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00406
Solaris Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00407
AIX Server 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00403
SM 7.11P20 Web Tier
Patch URL
Web Tier 7.11.604 p20
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00409
SM 7.11AP3 Applications
Patch URL
Applications 7.11 ap3
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00383
SC6.2.8.12 Server platform
Patch URL
Aix Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00263
HP Itanium Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00264
HP parisc Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00265
Linux Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00266
Solaris Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00267
Windows Server 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00268
SC6.2.8.12 Web Tier
Patch URL
Web Tier 6.2.8.12
http://support.openview.hp.com/selfsolve/document/LID/HPSC_00269
参考链接 |
|
|---|---|
| http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay... | |
| http://secunia.com/advisories/54546 | |
| http://www.securitytracker.com/id/1028912 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86444 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | hp | service_center | 6.2.8 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | hp | service_manager | 7.11 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | hp | service_manager | 9.21 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | hp | service_manager | 9.30 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | hp | service_manager | 9.31 | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 N/A
- 用户交互 无
- 可用性 完全地
- 保密性 完全地
- 完整性 完全地
还没有评论,来说两句吧...