Hewlett-Packard (HP) is sending out a warning about two security vulnerabilities in its Operations Agent server monitoring software.
Unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can suffer exploitation by a remote attacker to compromise a vulnerable system and execute arbitrary code, company officials said. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest possible severity rating.
Versions prior to 11.03.12 on all supported platforms suffer from the issue; upgrading to 11.03.12 corrects the problems.
Independent Security Researcher, Luigi Auriemma, reported these vulnerabilities to HP via TippingPoint’s Zero Day Initiative (ZDI).
A full list of affected versions, and patch download information are in the company’s security advisory.
HP advises all administrators to install the patches as soon as possible.