Cross-Site Request Forgery Vulnerability in HP Insight Control Performance Management
CVE-2011-1545

Currently unrated

Key Information:

Vendor: HP
Status: Insight Control Performance Management
Vendor: CVE Published:; 3 May 2011

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in HP Insight Control Performance Management prior to version 6.3. This security flaw enables remote attackers to execute unauthorized commands on behalf of a user without their consent, potentially leading to the hijacking of authentication sessions. Attackers can exploit this vulnerability via various unknown vectors, posing a significant threat to the integrity and confidentiality of user data.

References

http://secunia.com/advisories/44216

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1025431

vdb-entryx_refsource_SECTRACK

http://securityreason.com/securityalert/8237

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
May 3, 2011
Vulnerability Reserved
Mar 29, 2011