HP System Management Homepage Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
|
SecurityTracker Alert ID: 1033014 |
SecurityTracker URL: http://securitytracker.com/id/1033014
|
CVE Reference:
CVE-2015-2134
(Links to External Site)
|
Date: Jul 22 2015
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 7.5.0
|
Description:
A vulnerability was reported in HP System Management Homepage. A remote user can conduct cross-site request forgery attacks.
A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will take actions on the target interface acting as the target user.
|
Impact:
A remote user can take actions on the target system acting as the target authenticated user.
|
Solution:
The vendor has issued a fix (7.5.0).
The vendor's advisory is available at:
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04746490
|
Vendor URL: h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04746490 (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS: Linux (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|