Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HP Operations Manager后门账号漏洞
Vulnerability Description
HP Operations Manager(OM)是美国惠普(HP)公司的一套面向业务的企业级系统管理软件。该软件提供系统管理、应用管理、事件处理、业务展现等功能。 Windows平台下的HP Operations Manager的Tomcat用户XML配置文件中存在隐藏的账号。远程攻击者可以通过org.apache.catalina.manager.HTMLManagerServlet类来向manager/html/upload提交请求,导致执行无限制的文件上传攻击和执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A