Summary
This host is running HP System Management Homepage (SMH) and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow remote attackers to create an arbitrary user with administrative privileges, if a logged-in administrative user visits a malicious web site.
Impact Level: Application
Solution
Upgrade to HP System Management Homepage (SMH) version 7.0 or later. For updates, refer to http://h18000.www1.hp.com/products/servers/management/agents/index.html
Insight
The flaw exists because the application allows certain actions to be performed via HTTP requests without any validity checks to verify the requests.
Affected
HP System Management Homepage (SMH) version 6.2.2.7
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-3846
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P