CSRF Vulnerability in HP Power Manager by HP
CVE-2011-0277

Currently unrated

Key Information:

Vendor: HP
Status: Power Manager
Vendor: CVE Published:; 9 February 2011

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in HP Power Manager (HPPM) version 4.3.2 and earlier. This flaw allows remote attackers to execute unauthorized actions by hijacking the session of an authenticated administrator, particularly for creating new administrative accounts. Successful exploitation could lead to unauthorized access and potential compromise of the affected system.

References

http://www.securitytracker.com/id?1025032

vdb-entryx_refsource_SECTRACK

http://osvdb.org/70836

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/46258

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 9, 2011
Vulnerability Reserved
Dec 23, 2010