HP OpenView OmniBack directory traversal

2006-06-0600:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

41.7%

JSON

Added: 06/06/2006
CVE: CVE-2001-0311
BID: 11032
OSVDB: 6018

Background

HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities.

Problem

A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a command processor outside the defined directory. By specifying the path to a shell interpreter, a remote attacker could gain the ability to execute arbitrary commands.