Cross-Site Request Forgery in HP Insight Management Agents for Windows Server
CVE-2012-2003

Currently unrated

Key Information:

Vendor: HP
Status: Insight Management Agents
Vendor: CVE Published:; 2 May 2012

Summary

A cross-site request forgery (CSRF) vulnerability exists in the HP Insight Management Agents prior to version 9.0.0.0 on Windows Server 2003 and 2008. This flaw enables remote attackers to hijack the authentication of users through unknown vectors, potentially leading to unauthorized actions being performed on behalf of the victim. The complexity and vector of this attack can vary, making mitigation essential for maintaining security.

References

http://www.securityfocus.com/bid/53341

vdb-entryx_refsource_BID

http://osvdb.org/81666

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/49054

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 2, 2012
Vulnerability Reserved
Apr 2, 2012