Title

Multiple Cross-Site Scripting Vulnerabilities in HP Network Node Manager i (NNMi) (Cat I impact)

Discussion

Hewlett Packard has addressed multiple vulnerabilities affecting HP Network Node Manager i (NNMi). HP Network Node Manager i is a fault-management application for IP networks. To exploit these vulnerabilities, a remote attacker would create a malicious URI and send an email to potential victims. If successfully exploited, these vulnerabilities would allow a remote attacker to perform a cross-site scripting attack and compromise the system.

Check Content

See IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: HP-UX / Linux / Solaris / Windows HP Network Node Manager I (NNMi) v8.x HP Network Node Manager I (NNMi) v9.0x HP Network Node Manager I (NNMi) v9.1x HP Network Node Manager I (NNMi) v9.20 Verify the application's version number by using Help, About or similar menu selections. Ensure the Application/System version is at least the version listed below. For NNMI v8.x, upgrade to v9.0x, or v9.1x, or v9.20 and apply the required patch and the hotfix listed in the table below. NNMI Version/Required Patch/Hotfix 9.0x Patch 5 Hotfix-NNMi-9.0xP5-UI-Security-20120801 NNMI Version/Required Patch/Hotfix 9.1x Patch 3 or 4 Hotfix-NNMi-9.1xP4-UI-Security-20120801 NNMI Version/Required Patch/Hotfix 9.20 No Patch Required Hotfix-NNMi-9.20-NmsAsShared-20120801 Windows - Alternately, verify the version through the Support information link for the program in Add or Remove Programs or Programs and Features (Vista Forward). To expose the version column in Programs and Features right click somewhere in the column headers, select More and select Version.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33555

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.