发布日期：2014-10-08
更新日期：2014-10-10

受影响系统：

HP Operations Manager

描述：

---

BUGTRAQ  ID: 70353
CVE(CAN) ID: CVE-2014-2649

HP Operations Orchestration是一款运维手册自动化平台，可实现客户端设备和数据中心基础设施变更、部署的自动化。

HP Operations Manager 9.10、9.11版本在实现上存在代码执行漏洞，攻击者可利用此漏洞在受影响应用上下文中执行任意代码。

<*来源：vendor
  
  链接：https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04472866
*>

建议：

---

厂商补丁：

HP
--
HP已经为此发布了一个安全公告（HPSBMU03127）以及相应补丁:
HPSBMU03127：HP Operations Manager for UNIX, Remote Code Execution
链接：https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04472866

OMHPUX_00004
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01188205

ITOSOL_00802
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01187924

OML_00080
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01187666

9.11.120 Java UI patches: Component
Download Location

OMHPUX_00005
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01187192

ITOSOL_00803
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01187435

OML_00081
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01188103

9.20.300 server patches: Component
Download Location

OMHPUX_00006
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01188207

ITOSOL_00804
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01188065

OML_00082
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/fac
etse
arch/document/KM01188209

浏览次数：1835
严重程度：0（网友投票）