ID

VAR-201105-0303


TITLE

BMC Dashboards Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1749

DESCRIPTION

BMC Dashboards is operational management analysis software for BSM decision support automation. BMC Dashboards has multiple input validation vulnerabilities that allow attackers to perform cross-site scripting attacks. A remote attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Exploiting the information-disclosure issues allows the attacker to view local files within the context of the webserver process.

Trust: 1.71

sources: CNVD: CNVD-2011-1749 // CNVD: CNVD-2011-1748 // BID: 47731 // IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // IVD: f2858484-1f95-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.6

sources: IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // IVD: f2858484-1f95-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1749 // CNVD: CNVD-2011-1748

AFFECTED PRODUCTS

vendor: bmc, model: dashboards, scope: eq, version: 7.6.01

Trust: 1.9

sources: IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // IVD: f2858484-1f95-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1749 // CNVD: CNVD-2011-1748 // BID: 47731

CVSS

SEVERITY

IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: f2858484-1f95-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CVSSV2

IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: f2858484-1f95-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

CVSSV3: (no entries)

sources: IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // IVD: f2858484-1f95-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-538

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 47731

EXTERNAL IDS

db: BID, id: 47731

Trust: 2.1

db: CNVD, id: CNVD-2011-1749

Trust: 0.8

db: CNVD, id: CNVD-2011-1748

Trust: 0.8

db: CNNVD, id: CNNVD-201503-538

Trust: 0.6

db: IVD, id: F126E3EE-1F95-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: F2858484-1F95-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: f126e3ee-1f95-11e6-abef-000c29c66e3d // IVD: f2858484-1f95-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1749 // CNVD: CNVD-2011-1748 // BID: 47731 // CNNVD: CNNVD-201503-538

REFERENCES

url: http://www.securityfocus.com/bid/47731/

Trust: 1.2

url: http://www.securityfocus.com/bid/47731

Trust: 0.6

url: http://www.bmc.com/

Trust: 0.3

sources: CNVD: CNVD-2011-1749 // CNVD: CNVD-2011-1748 // BID: 47731 // CNNVD: CNNVD-201503-538

CREDITS

Richard Brain and Jan Fry of ProCheckUp Ltd.

Trust: 0.9

sources: BID: 47731 // CNNVD: CNNVD-201503-538

SOURCES

db: IVD, id: f126e3ee-1f95-11e6-abef-000c29c66e3d
db: IVD, id: f2858484-1f95-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-1749
db: CNVD, id: CNVD-2011-1748
db: BID, id: 47731
db: CNNVD, id: CNNVD-201503-538

LAST UPDATE DATE

2022-05-17T02:09:11.480000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-1749, date: 2011-05-06T00:00:00
db: CNVD, id: CNVD-2011-1748, date: 2011-05-06T00:00:00
db: BID, id: 47731, date: 2015-03-19T09:21:00
db: CNNVD, id: CNNVD-201503-538, date: 2015-03-25T00:00:00

SOURCES RELEASE DATE

db: IVD, id: f126e3ee-1f95-11e6-abef-000c29c66e3d, date: 2011-05-06T00:00:00
db: IVD, id: f2858484-1f95-11e6-abef-000c29c66e3d, date: 2011-05-06T00:00:00
db: CNVD, id: CNVD-2011-1749, date: 2011-05-06T00:00:00
db: CNVD, id: CNVD-2011-1748, date: 2011-05-06T00:00:00
db: BID, id: 47731, date: 2011-05-05T00:00:00
db: CNNVD, id: CNNVD-201503-538, date: 2011-05-05T00:00:00