Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of information, and authentication issues.
Affected Software Versions
HP Service Manager

Solution
HP has made the following software updates available to resolve the vulnerabilities.
- AIX Server 9.33.0035
- HP Itanium Server 9.33.0035
- Linux Server 9.33.0035
- Solaris Server 9.33.0035
- Windows Server 9.33.0035
- Web Tier 9.33.0035
- Windows Client 9.33.0035
- Windows Client Configuration 9.33.0035
- Mobility 9.33.0006
- Applications 9.33.0035
- CVE-2013-1493 - Oracle Java JRE 1.7 Remote Execution of Arbitrary Code and Denial of Service (DoS)
- CVE-2013-2067 - Apache Tomcat Authentication Issues
- CVE-2013-6202 - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information