HP 정보누출

HP 정보누출  

명칭 : HP 정보누출

발령일시 : 4월29일

해당시스템 : DMA 10.20

위험도 : ★★★☆☆

최초 보고자 : HPSBMU02982 rev.1

[security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information 

-----BEGIN PGP SIGNED MESSAGE----- 

Hash: SHA1 

Note: the current version of the following document is available here: 

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ 

docDisplay?docId=emr_na-c04201408 

SUPPORT COMMUNICATION - SECURITY BULLETIN 

Document ID: c04201408 

Version: 1 

HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of 

Information 

NOTICE: The information in this Security Bulletin should be acted upon as 

soon as possible. 

Release Date: 2014-04-17 

Last Updated: 2014-04-17 

Potential Security Impact: Disclosure of information 

Source: Hewlett-Packard Company, HP Software Security Response Team 

VULNERABILITY SUMMARY 

A potential security vulnerability has been identified with HP Database and 

Middleware Automation (DMA). The vulnerability could be remotely exploited 

resulting in disclosure of information. 

References: CVE-2013-6212 (SSRT101475) 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 

HP database and Middleware Automation server v10.0, v10.01, v10.10, and 

v10.20 running on Linux 

HP database and Middleware Automation agents v10.0, v10.01, v10.10, and 

v10.20 running on Windows, Linux, Solaris, AIX, and HPUX 

BACKGROUND 

CVSS 2.0 Base Metrics 

=========================================================== 

Reference              Base Vector             Base Score 

CVE-2013-6212    (AV:L/AC:L/Au:S/C:P/I:P/A:P)       4.3 

=========================================================== 

           Information on CVSS is documented 

          in HP Customer Notice: HPSN-2008-002 

RESOLUTION 

HP Database and Middleware Automation (DMA ) v10.20.100 or subsequent 

available from HP Live Network and HP Software Support Online here 

http://support.openview.hp.com/   . 

HISTORY 

Version:1 (rev.1) - 17 April 2014 Initial release 

Third Party Security Patches: Third party security patches that are to be 

installed on systems running HP software products should be applied in 

accordance with the customer's patch management policy. 

Support: For issues about implementing the recommendations of this Security 

Bulletin, contact normal HP Services support channel.  For other issues about 

the content of this Security Bulletin, send e-mail to security-alert@hp.com. 

Report: To report a potential security vulnerability with any HP supported 

product, send Email to: security-alert@hp.com 

Subscribe: To initiate a subscription to receive future HP Security Bulletin 

alerts via Email: 

http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins   

Security Bulletin Archive: A list of recently released Security Bulletins is 

available here: 

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ 

Software Product Category: The Software Product Category is represented in 

the title by the two characters following HPSB. 

3C = 3COM 

3P = 3rd Party Software 

GN = HP General Software 

HF = HP Hardware and Firmware 

MP = MPE/iX 

MU = Multi-Platform Software 

NS = NonStop Servers 

OV = OpenVMS 

PI = Printing and Imaging 

PV = ProCurve 

ST = Storage Software 

TU = Tru64 UNIX 

UX = HP-UX 

Copyright 2014 Hewlett-Packard Development Company, L.P. 

Hewlett-Packard Company shall not be liable for technical or editorial errors 

or omissions contained herein. The information provided is provided "as is" 

without warranty of any kind. To the extent permitted by law, neither HP or 

its affiliates, subcontractors or suppliers will be liable for 

incidental,special or consequential damages including downtime cost; lost 

profits; damages relating to the procurement of substitute products or 

services; or damages for loss of data, or software restoration. The 

information in this document is subject to change without notice. 

Hewlett-Packard Company and the names of Hewlett-Packard products referenced 

herein are trademarks of Hewlett-Packard Company in the United States and 

other countries. Other product and company names mentioned herein may be 

trademarks of their respective owners. 

-----BEGIN PGP SIGNATURE----- 

Version: GnuPG v1.4.13 (GNU/Linux) 

iEYEARECAAYFAlNPNpoACgkQ4B86/C0qfVmyPwCg0dKtCKz2wCh1lzQLfViZMMfY 

3JMAn21duQybwFnMNuQt2PuCmO8laL9A 

=WKKp 

-----END PGP SIGNATURE-----