HP Quality Center Authentication Bypass

CVE-2009-0116

Type

HP Quality Center Unauthenticated Access

Severity

High

Affected products

HP Quality Center

Date

2008-10-03

CVE Reference

CVE-2009-0116

HP Quality Center versions 9.0 and 9.2 makes extensive use of ActiveX components and auxiliary client side DLL’s. During use of the application, allot of client side processing takes place. By exploiting the weak trust boundary between the server and the client components, it is possible to bypass authentication for the HP Quality Center administrative pages.