FKIE_CVE-2011-0890

Vulnerability from fkie_nvd - Published: 2011-03-25 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.
References
hp-security-alert@hp.comhttp://marc.info/?l=bugtraq&m=130082163516878&w=2Vendor Advisory
hp-security-alert@hp.comhttp://securityreason.com/securityalert/8163
hp-security-alert@hp.comhttp://securitytracker.com/id?1025239
hp-security-alert@hp.comhttp://www.securityfocus.com/bid/46981
hp-security-alert@hp.comhttp://www.vupen.com/english/advisories/2011/0755
hp-security-alert@hp.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66242
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=130082163516878&w=2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8163
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1025239
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46981
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0755
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66242
Impacted products
Vendor Product Version
hp discovery\&dependency_mapping_inventory 7.50
hp discovery\&dependency_mapping_inventory 7.51
hp discovery\&dependency_mapping_inventory 7.60
hp discovery\&dependency_mapping_inventory 7.61
hp discovery\&dependency_mapping_inventory 7.70
hp discovery\&dependency_mapping_inventory 9.30
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "044B28F0-C1C5-4BE6-ADA7-28341024A1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "146FFF61-C7B7-404C-9697-97AAF1138FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:7.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD17A792-40FD-4032-8552-14464BAF93B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:7.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "839425E6-2DC4-44DE-99FA-8638B0DDC3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:7.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "B180F4F2-6FC6-41AD-8134-80023F692F66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:discovery\\\u0026dependency_mapping_inventory:9.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5031736-4B2D-4861-A3DB-1467F212AB36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HP Discovery \u0026 Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community."
    },
    {
      "lang": "es",
      "value": "HP Discovery \u0026 Dependency Mapping Inventory (DDMI) v7.50, v7.51, v7.60, v7.61, v7.70 y v9.30 inicia el servicio SNMP de Windows con su configuraci\u00f3n predeterminada, lo que permite a atacantes remotos obtener informaci\u00f3n sensible u otro impacto no especificado mediante el aprovechamiento de la lectura p\u00fablica de la comunidad."
    }
  ],
  "id": "CVE-2011-0890",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-25T18:55:01.450",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=130082163516878\u0026w=2"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://securityreason.com/securityalert/8163"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://securitytracker.com/id?1025239"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securityfocus.com/bid/46981"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.vupen.com/english/advisories/2011/0755"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=130082163516878\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66242"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.