Vigil@nce: HP-UX, access to WBEM data
April 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local or remote attacker can read or alter diagnostic data of
WBEM.
– Severity: 2/4
– Creation date: 28/03/2012
IMPACTED PRODUCTS
– HP-UX
DESCRIPTION OF THE VULNERABILITY
WBEM standard (Web Based Enterprise Management) unifies system
administration. The WBEMMgmtBundle and SysFaultMgmt modules
implement WBEM. They are impacted by two vulnerabilities.
On HP-UX 11.31, a local attacker can read or alter diagnostic
data. [severity:1/4; BID-52733, CVE-2012-0125]
On HP-UX 11.11 and 11.23, a remote attacker can read or alter
diagnostic data. [severity:2/4; BID-52734, CVE-2012-0126]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-UX-access-to-WBEM-data-11496