CVE-2014-7874

EUVD-2014-7724
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
hpsystem_management_homepage
𝑥
≤ 3.2.2
hpsystem_management_homepage
𝑥
≤ 3.2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60945
http://www.securitytracker.com/id/1031050
https://exchange.xforce.ibmcloud.com/vulnerabilities/97024
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799
http://secunia.com/advisories/60945
http://www.securitytracker.com/id/1031050
https://exchange.xforce.ibmcloud.com/vulnerabilities/97024
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799