Cross-Site Request Forgery (CSRF) in HP (Hewlett-Packard)

Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of information, and authentication issues.

Affected Software Versions

HP Service Manager
  • v9.30
  • v9.31
  • v9.32
  • v9.33


HP has made the following software updates available to resolve the vulnerabilities.

Technical Details

  • CVE-2013-1493 - Oracle Java JRE 1.7 Remote Execution of Arbitrary Code and Denial of Service (DoS)
  • CVE-2013-2067 - Apache Tomcat Authentication Issues
  • CVE-2013-6202 - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information
Source: HP
