Hp: >> Insight Diagnostics >> 9.4.0.4710 Security Vulnerabilities
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
CVSS Score
10.0
EPSS Score
0.009
Published
2013-06-14
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
CVSS Score
7.8
EPSS Score
0.148
Published
2013-06-14
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
CVSS Score
5.0
EPSS Score
0.156
Published
2013-06-14