Vulnerability Details CVE-2009-4189
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.835
EPSS Ranking 99.2%
CVSS Severity
CVSS v2 Score 10.0
Products affected by CVE-2009-4189
-
cpe:2.3:a:hp:operations_manager:8.1
-
cpe:2.3:a:hp:operations_manager:8.10
-
cpe:2.3:a:hp:operations_manager:8.16
-
cpe:2.3:a:hp:operations_manager:9.0
-
cpe:2.3:a:hp:operations_manager:9.10
-
cpe:2.3:a:hp:operations_manager:9.11
-
cpe:2.3:a:hp:operations_manager:9.20.0
-
cpe:2.3:a:hp:operations_manager:9.21
-
cpe:2.3:a:hp:operations_manager:9.21.120