Vulnerability Details : CVE-2011-4834
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
Products affected by CVE-2011-4834
- cpe:2.3:a:hp:application_lifestyle_management:11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4834
- 0.05%: probability of exploitation activity in the next 30 days
- ~20%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4834
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
CWE ids for CVE-2011-4834
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4834
- http://www.securityfocus.com/archive/1/520783/100/0/threaded
  SecurityFocus
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71698
  HP Application Lifestyle Management GetInstalledPackages() symlink CVE-2011-4834 Vulnerability Report
- http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html
  0a29: 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 [Exploit]