CVE-2012-5211 – Hewlett-Packard Intelligent Management Center UAM acmServletDownload Servlet Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2012-5211

Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) User Access Manager (UAM) anterior a v5.2 E0402, permitiendo a atacantes remotos obtener información sensible, modificar datos o causar una denegación de servicio mediante vectores desconocidos, también conocida como ZDI-CAN-1643. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acmServletDownload servlet. This servlet contains a directory traversal vulnerability that allows any file readable by SYSTEM to be disclosed. • http://marc.info/?l=bugtraq&m=136268852804156&w=2 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276 •