CVE-2014-2641
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
Published at
2014-10-02T00:55Z
3497 days ago
Modified
2019-10-09T23:10Z
1663 days ago
CWE-352
Problem type
References
| URL | Type |
|---|---|
| SSRT101438 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 | HP |
| 1030960 http://www.securitytracker.com/id/1030960 | SECTRACK |
GET https://vulnerabilitydata.com/api/details/CVE-2014-2641
{
"id": "CVE-2014-2641",
"published_date": "2014-10-02T00:55Z",
"last_modified_date": "2019-10-09T23:10Z",
"assigner": "hp-security-alert@hp.com",
"description": "Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.",
"references": [
{
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322",
"name": "SSRT101438",
"refsource": "HP",
"tags": []
},
{
"url": "http://www.securitytracker.com/id/1030960",
"name": "1030960",
"refsource": "SECTRACK",
"tags": []
}
],
"impact": {
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6
},
"severity": "MEDIUM",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
},
"problem_type": "CWE-352"
}