A security vulnerability has been identified in the HP Business Service Automation (BSA) Essentials software package that a remote attacker can exploit to execute arbitrary code.
Package:
HP Business Service Automation Essentials 2.x
Operating systems:
HP-UX 10.x, HP-UX 11.x
Problem:
unknown
Exploitation:
remote
Impact:
arbitrary code execution
Solution:
vendor patch
CVE:
CVE-2011-2412
Original advisory ID:
HPSBMU02705
Source:
Hewlett Packard
Problem:
The causes of the security issue have not been disclosed so far.
Impact:
A remote attacker can exploit the vulnerability to execute arbitrary code.
Solution:
The security issue is resolved by applying the available patches.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03014398
Version: 1
HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-19
Last Updated: 2011-09-19
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Business Service Automation (BSA) Essentials. The vulnerability could be exploited remotely to execute arbitrary code.
References: CVE-2011-2412
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Business Service Automation (BSA) Essentials v2.01
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by the site's spam protection]
CVSS 2.0 Base Metrics
Reference        Base Vector                     Base Score
CVE-2011-2412    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided a hotfix to resolve this vulnerability. To obtain the hotfix contact the normal HP Services support channel and request hotfix QCCR1D134337.
HISTORY
Version:1 (rev.1) - 19 September 2011