CVE-2014-7874Cross-Site Request Forgery in HP System Management Homepage

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 62.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP System Management HomepageHP Hp-ux
Timeline
PublishedOct 19
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDhp/hp-uxb.11.23, b.11.31+1

🔴Vulnerability Details

2
GHSA
GHSA-hhvc-3rm5-x4m2: Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 32022-05-17
CVEList
CVE-2014-7874: Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 32014-10-19
CVE-2014-7874 — Cross-Site Request Forgery in HP | cvebase