CVE-2011-0270

Published: Jan 13, 2011Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.

Affected (2)

Products: Hp: Openview Network Node Manager

1 product

Openview Network Node Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hp Openview Network Node Manager	Version 7.51
Hp Openview Network Node Manager	Version 7.53

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (14)

http://osvdb.org/70474

Source: hp-security-alert@hp.com

http://www.securityfocus.com/archive/1/515628

Source: hp-security-alert@hp.com

http://www.securityfocus.com/bid/45762

Source: hp-security-alert@hp.com

http://www.securitytracker.com/id?1024951

Source: hp-security-alert@hp.com

http://www.vupen.com/english/advisories/2011/0085

Source: hp-security-alert@hp.com

http://www.zerodayinitiative.com/advisories/ZDI-11-012/

Source: hp-security-alert@hp.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/64646

Source: hp-security-alert@hp.com

http://osvdb.org/70474