CVE-2011-4788

2012-01-1304:14:38

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-4788

absolute path traversal

web interface

hp storageworks

p2000 g3 msa

vulnerability

remote attackers

arbitrary files

uri

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.084 Low

EPSS

Percentile

94.4%

JSON

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.

Affected configurations

NVD

Node

hpstorageworks_p2000_g3_msa_fc\/iscsi_dual_combo_controller_lff_array_systemMatchaw567a

hpstorageworks_p2000_g3_msa_fibre_channel_dual_controller_lff_array_systemMatchap845a

hpstorageworks_p2000_g3_msa_fibre_channel_dual_controller_sff_array_systemMatchap846a

CPENameOperatorVersion
hp:storageworks_p2000_g3_msa_fc\/iscsi_dual_combo_controller_lff_array_systemhp storageworks p2000 g3 msa fc/iscsi dual combo controller lff array systemeqaw567a
hp:storageworks_p2000_g3_msa_fibre_channel_dual_controller_lff_array_systemhp storageworks p2000 g3 msa fibre channel dual controller lff array systemeqap845a
hp:storageworks_p2000_g3_msa_fibre_channel_dual_controller_sff_array_systemhp storageworks p2000 g3 msa fibre channel dual controller sff array systemeqap846a

CPE	Name	Operator	Version
hp:storageworks_p2000_g3_msa_fc\/iscsi_dual_combo_controller_lff_array_system	hp storageworks p2000 g3 msa fc/iscsi dual combo controller lff array system	eq	aw567a
hp:storageworks_p2000_g3_msa_fibre_channel_dual_controller_lff_array_system	hp storageworks p2000 g3 msa fibre channel dual controller lff array system	eq	ap845a
hp:storageworks_p2000_g3_msa_fibre_channel_dual_controller_sff_array_system	hp storageworks p2000 g3 msa fibre channel dual controller sff array system	eq	ap846a