Skip to main content

System Management Homepage CVE-2014-7874

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2014-10-19 hp-security-alert@hp.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 19, 2014 - 01:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Affected products include: Hp System Management Homepage, Hp Hp-Ux. Version information: before 3.2.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-3576 CRITICAL POC
9.0 Jun 14

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands vi

CVE-2015-4024 MEDIUM POC
5.0 Jun 09

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.

CVE-2015-3145 HIGH
7.5 Apr 24

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which

CVE-2016-5387 HIGH
8.1 Jul 19

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from t

CVE-2016-5388 HIGH
8.1 Jul 19

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18

CVE-2016-4543 CRITICAL POC
9.8 May 22

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6

CVE-2016-1995 CRITICAL
9.8 Mar 18

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. R

CVE-2012-2012 CRITICAL
10.0 Jun 29

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields

CVE-2012-2015 CRITICAL
9.0 Jun 29

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain

CVE-2012-2014 CRITICAL
9.0 Jun 29

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated use

CVE-2016-1993 HIGH
8.1 Mar 18

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify

Share

CVE-2014-7874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy