This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2 E0401 and 5.1 E202 with SOM 5.2 E0401 and SOM 5.1 E0201 over Windows 2003 SP2.
f80f182bd3efcc931cc161e517ad609080f18fbbea524563033651e7394cda0f
HP Security Bulletin HPSBGN02930 - Potential security vulnerabilities have been identified with HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module. The vulnerabilities could be remotely exploited resulting in authentication bypass, disclosure of information, unauthorized access, and SQL injection. Revision 1 of this advisory.
ed80653a7b39082fbd690748e17e6d6cb46a3a985f47c9488f5609c7fbb84338