LiveActive security incident?Get immediate response
CVE Record

CVE-2012-3276: HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform...

HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This CVE affects certain HP OpenVMS releases on Itanium and Alpha systems. A local user could trigger a denial of service in login-related components, potentially disrupting access to the system. The public details do not explain the exact trigger or name a confirmed fix in the provided bundle.

Executive priority

Prioritize based on business dependency. This is not evidenced as internet-exploitable or actively exploited, but it can affect availability of critical legacy OpenVMS systems if local users are present.

Technical view

The issue is described as improper implementation of the LOGIN and ACME_SERVER ACMELOGIN programs in listed HP OpenVMS versions. The impact is local denial of service via unspecified vectors. No CVSS score, CWE, exploit details, or confirmed remediation text is present in the provided sources.

Likely exposure

Exposure is limited to environments running the listed HP OpenVMS versions on Itanium or Alpha platforms. Risk is highest where local user accounts exist on critical legacy systems.

Exploitation context

The bundle does not show CISA KEV listing or other evidence of active exploitation. The CVE states local users can cause denial of service, but vectors are unspecified.

Researcher notes

Public technical detail is sparse. The record names affected versions, impacted programs, and local denial of service impact, but not root cause, attack vector specifics, CVSS, CWE, or remediation details beyond the HP advisory reference.

Mitigation direction

  • Review HP SSRT101055 for vendor-confirmed fixes or operational guidance.
  • Inventory OpenVMS systems by version and Alpha or Itanium platform.
  • Prioritize remediation for critical systems with local interactive users.
  • Limit unnecessary local accounts and interactive login access.
  • Monitor login and ACME_SERVER stability until vendor guidance is applied.

Validation and detection

  • Confirm whether any host runs an affected OpenVMS version and platform.
  • Compare patch status against HP SSRT101055 guidance.
  • Review system logs for login failures, service restarts, or availability anomalies.
  • Verify local account population and remove unnecessary access.
  • Document compensating controls where vendor remediation is unavailable.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2012-3276 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.