Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cross-Site Request Forgery(CSRF) in HP (Hewlett-Packard)" border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" title="Cross-Site Request Forgery(CSRF) in HP (Hewlett-Packard)" width="400" /></a></div> <br /> Potential security vulnerabilities have been identified with <a href="http://www.hp.com/" rel="nofollow" target="_blank">HP</a> Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (<a href="http://www.hackerschronicle.com/search/label/XSS" target="_blank">XSS</a>), Cross-Site Request Forgery (<a href="http://www.hackerschronicle.com/search/label/CSRF" target="_blank">CSRF</a>), Denial of Service (<a href="http://www.hackerschronicle.com/search/label/DoS" target="_blank">DoS</a>), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues.<br /> <br /> <h3> Effected Software Versions</h3> HP Service Manager<br /> <ul> <li>v9.30</li> <li>v9.31</li> <li>v9.32</li> <li>v9.33</li> </ul> <h3> Solution</h3> HP has made the following software updates available to resolve the vulnerabilities.<br /> <ul> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00507" target="_blank">AIX Server 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00508">HP Itanium Server 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00509">Linux Server 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00510">Solaris Server 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00511" target="_blank">Windows Server 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00512" target="_blank">Web Tier 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00513" target="_blank">Windows Client 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00514" target="_blank">Windows Client Configuration 9.33.0035</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00515" target="_blank">Mobility 9.33.0006</a></li> <li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00516" target="_blank">Applications 9.33.0035</a></li> </ul> <h3> Technical Details</h3> <ul> <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493" target="_blank">CVE-2013-1493</a> - Oracle Java JRE 1.7 Remote Execution of Arbitrary Code and Denial of Service (DoS)</li> <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" target="_blank">CVE-2013-2067</a> - Apache Tomcat Authentication Issues</li> <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6202" target="_blank">CVE-2013-6202</a> - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information</li> </ul> Source: <a href="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626&ac.admitted=1393402317326.876444892.492883150" target="_blank">HP</a></div>

CSRF HP Vulnerability Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited result...

Read more »