A number of critical and high-risk vulnerabilities exist in Hewlett-Packard's OpenView system management software, NGS Software said in an advisory Wednesday. The security software and consulting company reported the flaws to HP, which has released fixes to address the problems. OpenView products on Microsoft Windows, Linux. HP-UX and Sun Microsystems' Solaris operating systems are affected, NGS Software said.
The flaws can be exploited by anonymous, remote attackers to fully compromise a vulnerable server, NGS Software said. The security company is not providing any further details for three months to give users time to apply the available patches. Symantec in an advisory said the problems affect the HP OpenView Event Correlation Services (registration required). People are advised to apply HP's patches.