CVE-2007-4349
CVE-2007-4349 is a medium-severity vulnerability in Hp Openview Performance Agent with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 3% (86th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hp Openview Performance Agent
- Published:
- Last modified:
Description
The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
Frequently asked questions
- What is CVE-2007-4349?
- The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.
- How severe is CVE-2007-4349?
- CVE-2007-4349 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2007-4349 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (86th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-4349?
- CVE-2007-4349 primarily affects Hp Openview Performance Agent. In total, 5 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-4349?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-4349 published?
- CVE-2007-4349 was published on 2008-10-23 and last updated on 2026-06-16.
References
- http://marc.info/?l=bugtraq&m=122876677518654&w=2
- http://marc.info/?l=bugtraq&m=122876827120961&w=2
- http://secunia.com/advisories/27054
- http://secunia.com/secunia_research/2007-83/
- http://securityreason.com/securityalert/4501
- http://www.securityfocus.com/archive/1/497648/100/0/threaded
- http://www.securityfocus.com/bid/31860
- http://www.securitytracker.com/id?1021092
- http://www.vupen.com/english/advisories/2008/2888
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
Affected products (5)
- cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_agent:c.04.61:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_reporter:3.70:*:*:*:*:*:*:*
- cpe:2.3:a:hp:performance_agent:4.70:*:*:*:*:*:*:*
- cpe:2.3:a:hp:reporter:3.8:*:*:*:*:*:*:*
More vulnerabilities in Hp Openview Performance Agent
- CVE-2008-4420 — Critical (CVSS 9.3): Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in…
- CVE-2011-2608 — Medium (CVSS 6.4): ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0,…