HP Insight Control Server Migration for Windows Lets Remote Users Conduct Cross-Site Request Forgery Attacks and Local Users Gain Unauthorized Access to Data
|
|
SecurityTracker Alert ID: 1024186 |
|
SecurityTracker URL: http://securitytracker.com/id?1024186
|
|
CVE Reference:
CVE-2010-1970, CVE-2010-1971
(Links to External Site)
|
Date: Jul 13 2010
|
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 6.1
|
Description:
A vulnerability was reported in HP Insight Control Server Migration for Windows. A remote user can conduct cross-site request forgery attacks. A local user can gain unauthorized access to data.
No details were provided.
|
Impact:
A remote user can conduct cross-site request forgery attacks.
A local user can gain unauthorized access to data.
|
Solution:
The vendor has issued a fix (6.1).
The vendor's advisory is available at:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
|
Vendor URL: www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Jul 2010 04:57:51 +0000
Subject: HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
|
CVE-2010-1970 (local unauthorized access to data), CVE-2010-1971 (CSRF)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
|
|
