Skip to main content

System Management Homepage CVE-2023-50271

HIGH
Information Exposure (CWE-200)
2023-12-17 security-alert@hpe.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 17, 2023 - 15:15 nvd
HIGH 7.5

DescriptionNVD

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

AnalysisAI

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. Affected products include: Hp System Management Homepage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-3576 CRITICAL POC
9.0 Jun 14

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands vi

CVE-2015-4024 MEDIUM POC
5.0 Jun 09

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.

CVE-2015-3145 HIGH
7.5 Apr 24

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which

CVE-2016-5387 HIGH
8.1 Jul 19

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from t

CVE-2016-5388 HIGH
8.1 Jul 19

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18

CVE-2016-4543 CRITICAL POC
9.8 May 22

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6

CVE-2016-1995 CRITICAL
9.8 Mar 18

HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. R

CVE-2012-2012 CRITICAL
10.0 Jun 29

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields

CVE-2012-2015 CRITICAL
9.0 Jun 29

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain

CVE-2012-2014 CRITICAL
9.0 Jun 29

HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated use

CVE-2016-1993 HIGH
8.1 Mar 18

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify

Share

CVE-2023-50271 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy