Cross-Site Request Forgery Vulnerabilities in HP Service Manager by HP
CVE-2013-6202

Currently unrated

Key Information:

Vendor: HP
Status: Service Manager
Vendor: CVE Published:; 24 February 2014

Summary

Multiple vulnerabilities exist within HP Service Manager versions 9.30 to 9.33 that permit remote attackers to exploit cross-site request forgery. These vulnerabilities enable unauthorized actions, such as executing arbitrary code or inserting malicious XSS sequences by hijacking user authentication. This poses significant risks to data integrity and application security, necessitating urgent attention to implement protective measures.

References

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1029803

vdb-entryx_refsource_SECTRACK

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Feb 24, 2014
Vulnerability Reserved
Oct 21, 2013