END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 29 April 2008 Initial release
Version: 2 (rev.2) - 05 May 2008 Modified affected versions
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
URL: http://itrc.hp.com
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 29 April 2008 Initial release
Version:2 (rev.2) - 05 May 2008 Modified affected versions
Version:3 (rev.3) - 10 February 2009 Added A.02.00.11 patches
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Version:3 (rev.3) - 10 December 2009 NNM v7.01 hotfix moved to ftp.usa.hp.com
Version:4 (rev.4) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Vulnerability ID: HTB22363
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_npds.html
Product: NPDS REvolution
Vendor: NPDS
Vulnerable Version: REvolution 10.02 and Probably Prior Versions
Vendor Notification: 29 April 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
URL: http://itrc.hp.com
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 29 April 2008 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Version:3 (rev.3) - 10 December 2009 NNM v7.01 hotfix moved to ftp.usa.hp.com
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Vulnerability ID: HTB22364
Reference: http://www.htbridge.ch/advisory/blind_sql_injection_vulnerability_in_NPDSREvolution.html
Product: NPDS REvolution
Vendor: NPDS
Vulnerable Version: REvolution 10.02 and Probably Prior Versions
Vendor Notification: 29 April 2010
Vulnerability Type: Blind SQL Injection
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
