Cross-Site Request Forgery Vulnerability in HP Insight Control Virtual Machine Management
CVE-2010-3989

Currently unrated

Key Information:

Vendor: HP
Status: Insight Control Virtual Machine Management
Vendor: CVE Published:; 28 October 2010

What is CVE-2010-3989?

A vulnerability exists in HP Insight Control Virtual Machine Management prior to version 6.2 that exposes users to potential remote attacks. Attackers can exploit this Cross-Site Request Forgery (CSRF) vulnerability to hijack the authentication of unspecified victims. This exploitation may allow unauthorized actions performed on behalf of authenticated users, resulting in data exposure or compromise of the affected system. Organizations using this software should review their systems and implement appropriate mitigation strategies to address this security risk.

References

http://www.securityfocus.com/bid/44435

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=128811259326540&w=2

vendor-advisoryx_refsource_HP

http://marc.info/?l=bugtraq&m=128811259326540&w=2

vendor-advisoryx_refsource_HP

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2010
Vulnerability Reserved
Oct 18, 2010