Summary
This host is running HP System Management Homepage (SMH) and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow remote attackers to create an arbitrary user with administrative privileges, if a logged-in administrative user visits a malicious web site.
Impact Level: Application
Solution
Upgrade to HP System Management Homepage (SMH) version 7.0 or later. For updates, refer to http://h18000.www1.hp.com/products/servers/management/agents/index.html
Insight
The flaw exists because the application allows certain actions to be performed via HTTP requests without performing any validity checks to verify the requests.
Affected
HP System Management Homepage (SMH) version 6.2.2.7
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-3846
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability