HP System Management Homepage Multiple Vulnerabilities

Last Update Date: 22 Jul 2013 10:54 Release Date: 22 Jul 2013 4145 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities have been identified in HP System Management Homepage, which can be exploited by attackers to potentially gain escalated privileges, cause a DoS (Denial of Service), conduct cross-site scripting attacks, disclose certain sensitive information, hijack a user's session, and compromise a vulnerable system.

  1. Unspecified error can be exploited to disclose certain information.
  2. Unspecified error can be exploited to cause a DoS.
  3. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • HP System Management Homepage 7.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.2.1 or later.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

19 Jul 2013 4461 Views

Next

Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability

24 Jul 2013 3915 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY