certfr_avis - certa-2011-avi-641

CERTA-2011-AVI-641

Vulnerability from certfr_avis

Une vulnérabilité dans HP Directories Support for ProLiant Management Processors permet à une personne malveillante de contourner la politique de sécurité.

Description

Une vulnérabilité dans HP Directories Support for ProLiant Management Processors peut être exploitée par une personne malveillante distante pour accéder de façon non autorisée à Integrated Lights-Out (iLO 2 ou 3), une solution HP d'administration de serveurs à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Directories Support for ProLiant Management Processors versions 3.10 et 3.20.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03082006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eHP Directories Support for ProLiant  Management Processors\u003c/SPAN\u003e versions 3.10 et 3.20.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans HP Directories Support for ProLiant Management\nProcessors peut \u00eatre exploit\u00e9e par une personne malveillante distante\npour acc\u00e9der de fa\u00e7on non autoris\u00e9e \u00e0 Integrated Lights-Out (iLO 2 ou\n3), une solution HP d\u0027administration de serveurs \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4158"
    }
  ],
  "initial_release_date": "2011-11-15T00:00:00",
  "last_revision_date": "2011-11-15T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-641",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eHP Directories Support for\nProLiant Management Processors\u003c/span\u003e permet \u00e0 une personne malveillante\nde contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "HP Directories Support for ProLiant Management Processors",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03082006",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082006"
    }
  ]
}

CVE-2011-4158 (GCVE-0-2011-4158)

Vulnerability from cvelistv5

Published

2011-11-16 16:00

Modified

2024-08-07 00:01

Severity ?

CWE

Summary

Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

References

URL

Tags

	http://www.securityfocus.com/archive/1/520484/100/0/threaded	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/520484/100/0/threaded	vendor-advisory, x_refsource_HP
	http://securityreason.com/securityalert/8531	third-party-advisory, x_refsource_SREASON

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:51.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBHF02721",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
          },
          {
            "name": "SSRT100605",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
          },
          {
            "name": "8531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8531"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "HPSBHF02721",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
        },
        {
          "name": "SSRT100605",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
        },
        {
          "name": "8531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8531"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-4158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBHF02721",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
            },
            {
              "name": "SSRT100605",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/520484/100/0/threaded"
            },
            {
              "name": "8531",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8531"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-4158",
    "datePublished": "2011-11-16T16:00:00.000Z",
    "dateReserved": "2011-10-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:01:51.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-641

Vulnerability from certfr_avis

Description

Solution

CVE-2011-4158 (GCVE-0-2011-4158)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature