U radu programskog paketa HP SiteScope uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za pristup, izmjenu i brisanje osjetljivih podataka.

HP SiteScope Administrative Interface Security Bypass Security Issue
Secunia Advisory 	SA45721 	

Release Date 	2011-08-29
Criticality level 	Less criticalLess critical
Impact 	Security Bypass
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Remediation status 	Secunia VIM
  	 
Software:	
	HP SiteScope 11.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

Luigi Auriemma has discovered a security issue in HP SiteScope, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to the administrative web interface not properly validating certain requests and can be exploited to perform administrative tasks e.g. create an arbitrary user.

The security issue is confirmed in version 11.10 Build 2929. Other versions may also be affected.

Solution
Restrict access to trusted users only.

Provided and/or discovered by
Luigi Auriemma

Original Advisory
http://aluigi.altervista.org/adv/sitescope_2-adv.txt