Vulnerability-Lookup

CERTA-2010-AVI-218

Vulnerability from certfr_avis - Published: 2010-05-19 - Updated: 2010-05-19

Plusieurs vulnérabilités dans HP Insight Control Server Migration pour Windows permettent de réaliser une injection de code indirecte.

Description

Plusieurs vulnérabilités ont été découvertes dans HP Insight Control Server Migration pour Windows. Elles permettent de réaliser des injections de code indirectes.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Insight Control Server Migration pour Windows versions antérieures à v6.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HPSBMA02522 SSRT100086 du 11 mai 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eHP Insight Control Server  Migration\u003c/SPAN\u003e pour \u003cSPAN class=\"textit\"\u003eWindows\u003c/SPAN\u003e  versions ant\u00e9rieures \u00e0 v6.0.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP Insight Control\nServer Migration pour Windows. Elles permettent de r\u00e9aliser des\ninjections de code indirectes.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1557"
    }
  ],
  "initial_release_date": "2010-05-19T00:00:00",
  "last_revision_date": "2010-05-19T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-218",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eHP Insight Control\nServer Migration\u003c/span\u003e pour \u003cspan class=\"textit\"\u003eWindows\u003c/span\u003e\npermettent de r\u00e9aliser une injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans HP Insight Control Server Migration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPSBMA02522 SSRT100086 du 11 mai 2010",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02114879"
    }
  ]
}

CVE-2010-1557 (GCVE-0-2010-1557)

Vulnerability from cvelistv5 – Published: 2010-05-14 20:00 – Updated: 2024-08-07 01:28

Summary

Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

References

URL

Tags

	http://marc.info/?l=bugtraq&m=127370362007932&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=127370362007932&w=2	vendor-advisoryx_refsource_HP
	http://osvdb.org/64615	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:42.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT100086",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
          },
          {
            "name": "HPSBMA02522",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
          },
          {
            "name": "64615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64615"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-30T09:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "SSRT100086",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
        },
        {
          "name": "HPSBMA02522",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
        },
        {
          "name": "64615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64615"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2010-1557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT100086",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
            },
            {
              "name": "HPSBMA02522",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127370362007932\u0026w=2"
            },
            {
              "name": "64615",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64615"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2010-1557",
    "datePublished": "2010-05-14T20:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:42.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2010-AVI-218

Description

Solution

CVE-2010-1557 (GCVE-0-2010-1557)

Tags

Sightings

Nomenclature