|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
Virtual User Generator
The specific flaw exists in the handling of requests to the EmulationAdmin web service. This service exposes the getReport method which does not properly sanitize parameters allowing a remote attacker to inject arbitrary SQL into the underlying database. This can be leveraged by an attacker to gain remote code execution under the context of the current database.
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Andrea Micalizzi aka rgod