[VIM] HP / OfO vulnerability question

Morris, John R. (SSRT) john.morris at hp.com
Mon Jul 27 12:56:07 UTC 2009

Hello Brian,

Oracle for Openview (OfO) is Oracle.  The only special characteristic of OfO is that HP provided it in a package with Openview.  We issued a Security Bulletin for OfO because there may have been customers who did not have support contracts with Oracle and could only get updates from HP.  The purpose of the Security Bulletin was to inform customers how to get the Oracle Critical Patch Updates.  

We no longer update the Security Bulletin.  HPSBMA02133 SSRT061201 rev.9 says:

Note: This will be the last revision of this Security Bulletin. Customers should monitor the Oracle site for future Critical Patch Updates. The schedule for future Oracle Critical Patch Updates is available here: http://www.oracle.com/technology/deploy/security/alerts.htm 

HP did not request Mitre to assign a CVE.  However, we did reference the CVE that Mitre assigned independently. 

Yours truly,
john.morris at hp.com
HP Software Security Response Team (SSRT)

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org] 
Sent: Monday, July 27, 2009 4:33 AM
To: security-alert
Cc: Vulnerability Information Managers
Subject: HP / OfO vulnerability question

Hello HP,


This references CVE-2008-1666, which is not reference in the cpujul2008 Oracle update. Would you please clarify if this CVE identifier covers a vulnerability specific to OfO, or if this bulletin only covers vulnerabilities in the cpujul2008 advisory?

Thank you,


More information about the VIM mailing list