CSRF Vulnerability in HP System Management Homepage on HP-UX
CVE-2014-7874

Currently unrated

Key Information:

Vendor: HP
Status: HP-ux; System Management Homepage
Vendor: CVE Published:; 19 October 2014

Summary

A cross-site request forgery (CSRF) vulnerability exists in HP System Management Homepage, affecting versions prior to 3.2.3 on HP-UX B.11.23 and prior to 3.2.8 on HP-UX B.11.31. This security flaw allows remote attackers to potentially hijack user authenticated sessions through unknown vectors, posing a significant risk to affected systems and users.

References

http://secunia.com/advisories/60945

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/97024

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1031050

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 19, 2014
Vulnerability Reserved
Oct 6, 2014