Vendor: Oneview Monitor
By: Unknown
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: 94
Product Name: Oneview Monitor
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2010-2925
CPE: a:computer_associates:oneview_monitor
Metasploit:
Other Scripts:
Platforms Tested:
2010

Remote Code Execution Vulnerability in Computer Associates Oneview Monitor

The Computer Associates Oneview Monitor application fails to properly sanitize user-supplied input, leading to a remote code execution vulnerability. An attacker can inject and execute arbitrary JSP code in the context of the affected webserver by exploiting this issue.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the necessary patches or updates provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent malicious code execution.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42413/info

Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. 

The following example URI is available:

http://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp
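With no vendor patch listed, requests of the shape shown in the example URI can be hunted for in web access logs. The following is an added detection example, not part of the original advisory or of any vendor tooling; it assumes common/combined log format, the log lines are constructed, and the function names and the list of executable extensions are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a common/combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "/sitemindermonitor/dosave.jsp"  # path from the example URI, lower-cased
EXECUTABLE_EXT = (".jsp", ".jspx")  # assumption: extensions the servlet container runs

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2010:10:01:02 +0000] "GET /sitemindermonitor/index.jsp HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Aug/2010:10:01:05 +0000] "GET /sitemindermonitor/doSave.jsp?file=report.txt HTTP/1.1" 200 80',
    '198.51.100.7 - - [12/Aug/2010:10:02:11 +0000] "GET /sitemindermonitor/doSave.jsp?file=../attacksample.jsp HTTP/1.1" 200 80',
    '198.51.100.7 - - [12/Aug/2010:10:02:15 +0000] "POST /sitemindermonitor/doSave.jsp?file=%252e%252e%252fx.JSP HTTP/1.1" 200 80',
]


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return the reasons a log line is suspicious (empty list = not flagged)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    path = fully_decode(parts.path).split(";")[0].lower()  # drop ;jsessionid=...
    if path != ENDPOINT:
        return []
    reasons = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        name = fully_decode(raw).replace("\\", "/")
        if ".." in name.split("/"):
            reasons.append("path traversal in file parameter")
        if name.lower().rstrip(". ").endswith(EXECUTABLE_EXT):
            reasons.append("server-executable extension in file parameter")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every flagged line, numbering from 1."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := inspect_line(line))]
```

Calling `scan(SAMPLE_LOG)` flags the third and fourth constructed lines; the same two checks can serve as a deny rule at a reverse proxy in front of the application.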