cvelistv5 - cve-2007-4720

CVE-2007-4720 (GCVE-0-2007-4720)

Vulnerability from cvelistv5

Published

2007-09-05 19:00

Modified

2024-08-07 15:08

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cve-2007-4720

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability

Details

Shared Trace Service in JP1/Cm2/Network Node Manager (NNM) is vulnerable to arbitrary code execution.

References

Type

URL

	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4720
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4720
	SECUNIA	http://secunia.com/advisories/26668
	BID	http://www.securityfocus.com/bid/25520
	XF	http://xforce.iss.net/xforce/xfdb/36374
	FRSIRT	http://www.frsirt.com/english/advisories/2007/3035
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Hitachi, Ltd

JP1/Cm2/Network Node Manager

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001092.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Shared Trace Service in JP1/Cm2/Network Node Manager (NNM) is vulnerable to arbitrary code execution.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001092.html",
  "sec:cpe": {
    "#text": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
    "@product": "JP1/Cm2/Network Node Manager",
    "@vendor": "Hitachi, Ltd",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-001092",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4720",
      "@id": "CVE-2007-4720",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4720",
      "@id": "CVE-2007-4720",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26668",
      "@id": "SA26668",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25520",
      "@id": "25520",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/36374",
      "@id": "36374",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/3035",
      "@id": "FrSIRT/ADV-2007-3035",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability"
}

fkie_cve-2007-4720

Vulnerability from fkie_nvd

Published

2007-09-05 19:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37859
cve@mitre.org	http://secunia.com/advisories/26668	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html
cve@mitre.org	http://www.securityfocus.com/bid/25520
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3035
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36374
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37859
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26668	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25520
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3035
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36374

Impacted products

Vendor	Product	Version
hitachi	jp1_cm2_network_node_manager	07_10
hitachi	jp1_cm2_network_node_manager	07_10
hitachi	jp1_cm2_network_node_manager	07_10
hitachi	jp1_cm2_network_node_manager	07_10_01
hitachi	jp1_cm2_network_node_manager	07_10_01
hitachi	jp1_cm2_network_node_manager	07_10_01
hitachi	jp1_cm2_network_node_manager	07_10_02
hitachi	jp1_cm2_network_node_manager	07_10_02
hitachi	jp1_cm2_network_node_manager	07_10_02
hitachi	jp1_cm2_network_node_manager	07_10_03
hitachi	jp1_cm2_network_node_manager	07_10_03
hitachi	jp1_cm2_network_node_manager	07_10_03
hitachi	jp1_cm2_network_node_manager	07_10_04
hitachi	jp1_cm2_network_node_manager	07_10_04
hitachi	jp1_cm2_network_node_manager	07_10_04
hitachi	jp1_cm2_network_node_manager	07_10_05
hitachi	jp1_cm2_network_node_manager	07_10_05
hitachi	jp1_cm2_network_node_manager	07_10_05
hitachi	jp1_cm2_network_node_manager	08_00
hitachi	jp1_cm2_network_node_manager	08_00_01
hitachi	jp1_cm2_network_node_manager	08_00_02
hitachi	jp1_cm2_network_node_manager	08_00_03
hitachi	jp1_cm2_network_node_manager	08_00_10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "DD055485-0385-4E7C-B732-19861D353321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "A49EAE2F-A8C7-4440-AD31-AD3F58A62F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:windows:*:*:*:*:*",
              "matchCriteriaId": "AEF701E1-F640-42D9-9FFD-3CFF35CDB158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "8AE5CD88-2503-400C-9DE9-C61C665FD6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "70D5A7FC-D8CD-4AA4-809D-24A45338B807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:windows:*:*:*:*:*",
              "matchCriteriaId": "39FCD25D-435B-4F04-91AD-EF1AF3D03AB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "670B6723-0F85-4026-800B-4CBF61504204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "4C35C97B-9E21-4D2E-AEEA-DBFC591D1603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:windows:*:*:*:*:*",
              "matchCriteriaId": "4EB0D66E-BB29-4589-9C22-9837A43136A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "6BB4EADF-5508-4F3A-B331-17E613211039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "5D0F3E32-3346-434F-944F-336031554387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5F03B7FE-66D9-408C-8EAA-E1C4639AFF22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "DCC93D61-09FA-421D-B9F6-2ABEF4C70120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "51358FB2-4992-455E-8861-19A8083CA558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:windows:*:*:*:*:*",
              "matchCriteriaId": "16AA4490-15E6-4357-AEEF-66EBF9BA5FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:hpux:*:*:*:*:*",
              "matchCriteriaId": "E8F7DCD9-C037-46C3-AD62-F6EDFC8570E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "0B7D7117-08D9-42B4-86FD-4980D6A7F6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5B4187BD-4863-4D89-B832-8758038C3F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00:*:starter:*:*:*:*:*",
              "matchCriteriaId": "4690BDA4-A0DB-41AC-A6EE-071F4D1502EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_01:*:starter:*:*:*:*:*",
              "matchCriteriaId": "C716C338-D4AC-4561-8EA2-0E94CC50AC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_02:*:starter:*:*:*:*:*",
              "matchCriteriaId": "6CDA2C8A-6C38-4CF4-95EF-D9785DE809DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_03:*:starter:*:*:*:*:*",
              "matchCriteriaId": "F0E4D717-7E0C-4EFF-BA0A-D7455048DBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_10:*:starter:*:*:*:*:*",
              "matchCriteriaId": "D0EFC366-83C0-4CE4-B1FB-1B6D0B5D8BE2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Shared Trace Service de Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 hasta 07-10-05, y NNM Starter Edition Enterprise y 250 08-00 hasta 08-10, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados."
    }
  ],
  "id": "CVE-2007-4720",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-05T19:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37859"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26668"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25520"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3035"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-64x7-xw3h-6782

Vulnerability from github

Published

2022-05-01 18:26

Modified

2022-05-01 18:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4720"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-05T19:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.",
  "id": "GHSA-64x7-xw3h-6782",
  "modified": "2022-05-01T18:26:29Z",
  "published": "2022-05-01T18:26:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4720"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37859"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26668"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25520"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-4720

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4720

Aliases

CVE-2007-4720

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4720",
    "description": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.",
    "id": "GSD-2007-4720"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4720"
      ],
      "details": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.",
      "id": "GSD-2007-4720",
      "modified": "2023-12-13T01:21:36.368938Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4720",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-3035",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3035"
          },
          {
            "name": "37859",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37859"
          },
          {
            "name": "26668",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26668"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
          },
          {
            "name": "25520",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25520"
          },
          {
            "name": "hitachi-nnm-shared-code-execution(36374)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_05:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_03:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_01:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_02:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_01:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_02:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:07_10_04:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_03:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1_cm2_network_node_manager:08_00_10:*:starter:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4720"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
            },
            {
              "name": "25520",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25520"
            },
            {
              "name": "26668",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26668"
            },
            {
              "name": "37859",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37859"
            },
            {
              "name": "ADV-2007-3035",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3035"
            },
            {
              "name": "hitachi-nnm-shared-code-execution(36374)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-09-05T19:17Z"
    }
  }
}

Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. Hitachi JP1/CM2/Network Node Manager is prone to a code-execution vulnerability. Hitachi JP1/CM2/Network Node Manager 07-10 through 07-10-5, 08-00 through 08-00-03, and 08-10 are vulnerable.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: HP OpenView Products Shared Trace Service Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID: SA26394

VERIFY ADVISORY: http://secunia.com/advisories/26394/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE: HP OpenView Performance Insight (OVPI) 5.x http://secunia.com/product/15212/ HP OpenView Dashboard 2.x http://secunia.com/product/15211/ HP OpenView Business Process Insight (OVBPI) 1.x http://secunia.com/product/15202/ HP OpenView Business Process Insight (OVBPI) 2.x http://secunia.com/product/15203/ HP OpenView Service Desk Process Insight (SDPI) 1.x http://secunia.com/product/15204/ HP OpenView Service Desk Process Insight (SDPI) 2.x http://secunia.com/product/15205/ HP Business Process Insight (HPBPI) 1.x http://secunia.com/product/15207/ HP Business Process Insight (HPBPI) 2.x http://secunia.com/product/15208/ HP Service Desk Process Insight (HPSDPI) 1.x http://secunia.com/product/15209/ HP Service Desk Process Insight (HPSDPI) 2.x http://secunia.com/product/15210/ HP OpenView Network Node Manager (NNM) 6.x http://secunia.com/product/2384/ HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/product/3608/ HP OpenView Service Quality Manager (OV SQM) 1.x http://secunia.com/product/15200/ HP OpenView Operations Manager for Windows (OVOW) 7.x http://secunia.com/product/15199/ HP OpenView Operations HTTPS Agent 8.x http://secunia.com/product/8641/ HP OpenView Reporter 3.x http://secunia.com/product/15198/ HP OpenView Performance Agent http://secunia.com/product/2100/ HP OpenView Performance Manager (OVPM) 5.x http://secunia.com/product/15196/ HP OpenView Performance Manager (OVPM) 6.x http://secunia.com/product/15197/ HP OpenView Internet Service (OVIS) 6.x http://secunia.com/product/15195/

DESCRIPTION: Some vulnerabilities have been reported in HP OpenView products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the Shared Trace Service component when handling certain requests. These can be exploited to cause stack-based buffer overflows via sending specially crafted requests to the service.

The vulnerabilities affect the following products and versions: * HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese), v6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00, vB.60.90.00, and vB.61.90.000 * HP OpenView Performance Manager (OVPM) 5.x and 6.x * HP OpenView Performance Agent (OVPA) 4.5 and 4.6 * HP OpenView Reporter 3.7 * HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents * HP OpenView Operations Manager for Windows (OVOW) v7.5 with the OpenView Operations (OVO) add on module for OpenView Operations-Business Availability Center (OVO-BAC) * HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running HP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and 2.61.110 * HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50 running XPL earlier than 03.10.040 * HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI) , HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x * HP OpenView Dashboard v2.01 running HP OpenView Cross Platform Component (XPL) vB.60.90.00 and vB.61.90.000 * HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2, v5.2 running HP OpenView Cross Platform Component (XPL) earlier than v3.10.040

SOLUTION: Apply hotfixes. Please see the vendor's advisories for details.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Cody Pierce, TippingPoint DV Labs. 2) An anonymous researcher, reported via iDefense Labs.

ORIGINAL ADVISORY: HPSBMA02235 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515

HPSBMA02236 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171

HPSBMA02237 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584

HPSBMA02238 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617

HPSBMA02239 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576

HPSBMA02240 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627

HPSBMA02241 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851

HPSBMA02242 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038

HPSBMA02244 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023

HPSBMA02245 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156

HPSBMA02246 SSRT061260: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068

iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. No further information is currently available.

Please see the vendor's advisory for a list of affected products and versions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0354",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10_01"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_03"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07_10_02"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_10"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_02"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "08_00_01"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_04"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "08_00"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_03"
      },
      {
        "model": "jp1 cm2 network node manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07_10_05"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-05"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-04"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-03"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-02"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10-01"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hitachi",
        "version": "07-10"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition 250"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition enterprise"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-10"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-03"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-02"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00-01"
      },
      {
        "model": "jp1/cm2/network node manager start edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-4720",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-4720",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2007-001092",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-4720",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2007-001092",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200709-046",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. Hitachi JP1/CM2/Network Node Manager is prone to a code-execution vulnerability. \nHitachi JP1/CM2/Network Node Manager 07-10 through 07-10-5, 08-00 through 08-00-03, and 08-10 are vulnerable. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHP OpenView Products Shared Trace Service Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26394\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26394/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nHP OpenView Performance Insight (OVPI) 5.x\nhttp://secunia.com/product/15212/\nHP OpenView Dashboard 2.x\nhttp://secunia.com/product/15211/\nHP OpenView Business Process Insight (OVBPI) 1.x\nhttp://secunia.com/product/15202/\nHP OpenView Business Process Insight (OVBPI) 2.x\nhttp://secunia.com/product/15203/\nHP OpenView Service Desk Process Insight (SDPI) 1.x\nhttp://secunia.com/product/15204/\nHP OpenView Service Desk Process Insight (SDPI) 2.x\nhttp://secunia.com/product/15205/\nHP Business Process Insight (HPBPI) 1.x\nhttp://secunia.com/product/15207/\nHP Business Process Insight (HPBPI) 2.x\nhttp://secunia.com/product/15208/\nHP Service Desk Process Insight (HPSDPI) 1.x\nhttp://secunia.com/product/15209/\nHP Service Desk Process Insight (HPSDPI) 2.x\nhttp://secunia.com/product/15210/\nHP OpenView Network Node Manager (NNM) 6.x\nhttp://secunia.com/product/2384/\nHP OpenView Network Node Manager (NNM) 7.x\nhttp://secunia.com/product/3608/\nHP OpenView Service Quality Manager (OV SQM) 1.x\nhttp://secunia.com/product/15200/\nHP OpenView Operations Manager for Windows (OVOW) 7.x\nhttp://secunia.com/product/15199/\nHP OpenView Operations HTTPS Agent 8.x\nhttp://secunia.com/product/8641/\nHP OpenView Reporter 3.x\nhttp://secunia.com/product/15198/\nHP OpenView Performance Agent\nhttp://secunia.com/product/2100/\nHP OpenView Performance Manager (OVPM) 5.x\nhttp://secunia.com/product/15196/\nHP OpenView Performance Manager (OVPM) 6.x\nhttp://secunia.com/product/15197/\nHP OpenView Internet Service (OVIS) 6.x\nhttp://secunia.com/product/15195/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in HP OpenView products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerabilities are caused due to boundary errors within the\nShared Trace Service component when handling certain requests. These\ncan be exploited to cause stack-based buffer overflows via sending\nspecially crafted requests to the service. \n\nThe vulnerabilities affect the following products and versions:\n* HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese),\nv6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00,\nvB.60.90.00, and vB.61.90.000\n* HP OpenView Performance Manager (OVPM) 5.x and 6.x\n* HP OpenView Performance Agent (OVPA) 4.5 and 4.6\n* HP OpenView Reporter 3.7\n* HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents\n* HP OpenView Operations Manager for Windows (OVOW) v7.5 with the\nOpenView Operations (OVO) add on module for OpenView\nOperations-Business Availability Center (OVO-BAC)\n* HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running\nHP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and\n2.61.110\n* HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50\nrunning XPL earlier than 03.10.040\n* HP OpenView Business Process Insight (OVBPI), HP Business Process\nInsight (HPBPI) , HP OpenView Service Desk Process Insight (SDPI),\nand HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x\nand 2.10x\n* HP OpenView Dashboard v2.01 running HP OpenView Cross Platform\nComponent (XPL) vB.60.90.00 and vB.61.90.000\n* HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2,\nv5.2 running HP OpenView Cross Platform Component (XPL) earlier than\nv3.10.040\n\nSOLUTION:\nApply hotfixes. Please see the vendor\u0027s advisories for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Cody Pierce, TippingPoint DV Labs. \n2) An anonymous researcher, reported via iDefense Labs. \n\nORIGINAL ADVISORY:\nHPSBMA02235 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515\n\nHPSBMA02236 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171\n\nHPSBMA02237 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584\n\nHPSBMA02238 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617\n\nHPSBMA02239 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576\n\nHPSBMA02240 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627\n\nHPSBMA02241 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851\n\nHPSBMA02242 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038\n\nHPSBMA02244 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023\n\nHPSBMA02245 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156\n\nHPSBMA02246 SSRT061260:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. No further information is currently available. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4720",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "25520",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "26668",
        "trust": 2.6
      },
      {
        "db": "HITACHI",
        "id": "HS07-030",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3035",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "37859",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "36374",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "26394",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58426",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59014",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "id": "VAR-200709-0354",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15072303
  },
  "last_update_date": "2024-11-23T22:24:07.471000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS07-030",
        "trust": 0.8,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-030_e/index-e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/26668"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/25520"
      },
      {
        "trust": 2.0,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-030_e/index-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/37859"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3035"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/36374"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/3035"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36374"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4720"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4720"
      },
      {
        "trust": 0.3,
        "url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/26394/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2384/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15200/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15197/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01110627"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01112038"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15202/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15208/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15210/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109617"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15196/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15209/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15195/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01106515"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15203/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01115068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3608/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15199/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15205/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01114023"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15212/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15207/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15211/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15204/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109171"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15198/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01111851"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01109584"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01114156"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8641/"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01110576"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2100/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9570/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26668/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "25520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-03T00:00:00",
        "db": "BID",
        "id": "25520"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "date": "2007-08-11T21:26:09",
        "db": "PACKETSTORM",
        "id": "58426"
      },
      {
        "date": "2007-09-05T02:20:04",
        "db": "PACKETSTORM",
        "id": "59014"
      },
      {
        "date": "2007-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "date": "2007-09-05T19:17:00",
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "25520"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      },
      {
        "date": "2007-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      },
      {
        "date": "2024-11-21T00:36:17.780000",
        "db": "NVD",
        "id": "CVE-2007-4720"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-046"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4720 (GCVE-0-2007-4720)

Vulnerability from cvelistv5

cve-2007-4720

Vulnerability from jvndb

fkie_cve-2007-4720

Vulnerability from fkie_nvd

ghsa-64x7-xw3h-6782

Vulnerability from github

gsd-2007-4720

Vulnerability from gsd

var-200709-0354

Vulnerability from variot

Tags

Sightings

Nomenclature