A vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP port 3465. Insufficient checks on URLs containing paths such as '~root' allows attackers to access arbitrary files in the underlying OS. Accessing configuration files that contain LDAP and database credentials can lead to further compromise.
af925338a7cf70c91fe32c9bd6931bda87f7ed85ea2a9df0ad0a8003cb578315
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) running httpd.tkd. The vulnerability could be exploited to allow remote unauthorized access to data.
61fbeffc4e9eabfcc5445b208a1bd69ee3ba35f93ef9f74c01f52c729344cd0a