CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: Oct 19, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-7874
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
hp / hp-ux	b.11.23	b.11.23.x
hp / system_management_homepage	-	3.2.2.x
hp / hp-ux	b.11.31	b.11.31.x
hp / system_management_homepage	-	3.2.7.x

http://secunia.com/advisories/60945
http://www.securitytracker.com/id/1031050
https://exchange.xforce.ibmcloud.com/vulnerabilities/97024
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799

Vulnerability Database

289,599

CVE-2014-7874