Hewlett-Packard has published a security advisory concerning a vulnerability in the HP Business Availability Center (BAC) software package that can be exploited to carry out XSS attacks.
Package:
HP BAC 8.X
Operating systems:
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Sun Solaris 7, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10
Severity:
3/10
Problem:
unknown
Exploitation:
remote
Impact:
injection of HTML and script code
Solution:
vendor software patch
CVE:
CVE-2011-1856
Original advisory ID:
HPSBMA02681
Source:
Hewlett Packard
Problem:
The causes of the flaw have not been specified, but the problem is known to occur when the vulnerable package runs on Windows and Solaris operating systems.
Impact:
A successful remote attacker can exploit the vulnerability to carry out XSS (Cross Site Scripting) attacks.
Solution:
All users are advised to upgrade to the new versions of the package.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02823184
Version: 1
HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-12
Last Updated: 2011-05-12
Potential Security Impact: Remote Cross Site Scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Business Availability Center (BAC) running on Windows and Solaris. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS).
References: CVE-2011-1856
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Business Availability Center (BAC) v8.06 and earlier on Windows and Solaris
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by spambot protection on the source page]
CVSS 2.0 Base Metrics
Reference        Base vector                     Base score
CVE-2011-1856    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made hotfixes available for BAC v8.06 to resolve the vulnerability. The hotfixes are available here: http://support.openview.hp.com/support.jsp
Upgrade to               Then apply this hotfix
BAC v8.06 for Windows    BAC_00717
BAC v8.06 for Solaris    BAC_00718
HISTORY
Version: 1 (rev.1) 12 May 2011 Initial release