CVE-2011-4162

{"id": "CVE-2011-4162", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-05T11:55:07.117", "references": [{"url": "http://marc.info/?l=bugtraq&m=132284686204608&w=2", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://marc.info/?l=bugtraq&m=132284686204608&w=2", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://marc.info/?l=bugtraq&m=134152032516062&w=2", "source": "hp-security-alert@hp.com"}, {"url": "http://marc.info/?l=bugtraq&m=134152032516062&w=2", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71600", "source": "hp-security-alert@hp.com"}, {"url": "https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html", "tags": ["Exploit"], "source": "hp-security-alert@hp.com"}, {"url": "http://marc.info/?l=bugtraq&m=132284686204608&w=2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=132284686204608&w=2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=134152032516062&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=134152032516062&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71600", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument."}, {"lang": "es", "value": "Los m\u00e9todos (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx y (6) RemoveUserRegardless en HP Protect Tools Device Access Manager (PTDAM) antes de v6.1.0.1 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de un argumento SidString demasiado largo."}], "lastModified": "2024-11-21T01:31:57.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:protecttools_device_access_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C7F7C45-4842-4AA9-9378-4A790EC95B37", "versionEndIncluding": "6.0.0.12"}, {"criteria": "cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7AB4314-66B7-45AA-8F62-52418352848E"}, {"criteria": "cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE0FA397-9E9C-4A74-A96A-5EC7BE2AE1D6"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}