A vulnerability in Hewlett-Packard's OpenView Select Access threatens to allow remote attackers to bypass restrictions and access enterprise resources. Administrators need to apply patches to fix the problem, which is only the latest of a number of recent HP OpenView vulnerabilities.
HP's OpenView Select Access is designed to manage user identities and provide secure Web-based access to network and enterprise resources. Select Access has a
This is only the latest vulnerability to affect OpenView. Other previously-reported problems in the past six months have included at least two more security bypass issues, as well as denial of service difficulties.
However, security bypass is emerging as a widespread problem in many applications besides Select Access. Since the beginning of 2004, there have been at least a dozen significant examples. Affected applications have included Apache, BEA WebLogic, eTrust Antivirus, F-Secure Anti-Virus, Microsoft Internet Explorer and Microsoft Outlook. When exploited remotely, security bypass can be a stepping stone for attackers to do more serious damage to systems.