This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401 over Windows 2003 SP2.
1850a191353250b7a4f39ae00758d5a46a4b1b6e1c9ca0c3c46852217064aebe
HP Security Bulletin HPSBGN02930 - Potential security vulnerabilities have been identified with HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module. The vulnerabilities could be remotely exploited resulting in authentication bypass, disclosure of information, unauthorized access, and SQL injection. Revision 1 of this advisory.
ed80653a7b39082fbd690748e17e6d6cb46a3a985f47c9488f5609c7fbb84338