Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1586Improper Input Validation in HP System Management Homepage

CWE-20Improper Input ValidationCWE-73External Control of File Name or PathCWE-22Path Traversal7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 36.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP System Management Homepage
Timeline
PublishedApr 28
Latest updateMay 17

Description

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDhp/system_management_homepage30 versions+29

🔴Vulnerability Details

2
GHSA
GHSA-g83g-c7r4-jvj2: Open redirect vulnerability in red23012022-05-17
CVEList
CVE-2010-1586: Open redirect vulnerability in red23012010-04-28

💥Exploits & PoCs

2
Exploit-DB
HP System Management Homepage - 'RedirectUrl' Open Redirection2010-04-25
Nuclei
HP System Management Homepage (SMH) v2.x.x.x - Open Redirect

📋Vendor Advisories

1
Red Hat
kdenetwork: incomplete fix for CVE-2010-10002011-04-11

💬Community

1
Bugzilla
CVE-2011-1586 kdenetwork: incomplete fix for CVE-2010-10002011-04-15
CVE-2010-1586 — Improper Input Validation in HP | cvebase