Test ID:	1.3.6.1.4.1.25623.1.0.804858
Category:	Web application abuses
Title:	HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMU03112)
Summary:	HP/HPE System Management Homepage (SMH) is prone to multiple; vulnerabilities.
Description:	Summary: HP/HPE System Management Homepage (SMH) is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are exists due to: - An error as HTTP requests to certain scripts do not require multiple steps, explicit confirmation, or a unique token when performing sensitive actions. - An error as application does not validate user-supplied input. - An unspecified error. Vulnerability Impact: Successful exploitation will allow remote attackers to perform clickjacking attacks, perform a Cross-Site Request Forgery attack or execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: HP/HPE SMH prior to version 7.4. Solution: Update to version 7.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4545 Debian Security Information: DSA-2798 (Google Search) http://www.debian.org/security/2013/dsa-2798 HPdes Security Advisory: HPSBMU03112 https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 SuSE Security Announcement: openSUSE-SU-2013:1859 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html SuSE Security Announcement: openSUSE-SU-2013:1865 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html http://www.ubuntu.com/usn/USN-2048-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6420 BugTraq ID: 64225 http://www.securityfocus.com/bid/64225 Debian Security Information: DSA-2816 (Google Search) http://www.debian.org/security/2013/dsa-2816 HPdes Security Advisory: SSRT101447 https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html RedHat Security Advisories: RHSA-2013:1813 http://rhn.redhat.com/errata/RHSA-2013-1813.html RedHat Security Advisories: RHSA-2013:1815 http://rhn.redhat.com/errata/RHSA-2013-1815.html RedHat Security Advisories: RHSA-2013:1824 http://rhn.redhat.com/errata/RHSA-2013-1824.html RedHat Security Advisories: RHSA-2013:1825 http://rhn.redhat.com/errata/RHSA-2013-1825.html RedHat Security Advisories: RHSA-2013:1826 http://rhn.redhat.com/errata/RHSA-2013-1826.html http://www.securitytracker.com/id/1029472 http://secunia.com/advisories/59652 SuSE Security Announcement: openSUSE-SU-2013:1963 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html SuSE Security Announcement: openSUSE-SU-2013:1964 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://www.ubuntu.com/usn/USN-2055-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6422 Debian Security Information: DSA-2824 (Google Search) http://www.debian.org/security/2013/dsa-2824 http://www.ubuntu.com/usn/USN-2058-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6712 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html https://bugs.php.net/bug.php?id=66060 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2640 CERT/CC vulnerability note: VU#125228 http://www.kb.cert.org/vuls/id/125228 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322 HPdes Security Advisory: SSRT101438 HPdes Security Advisory: SSRT101633 http://www.securitytracker.com/id/1030960 Common Vulnerability Exposure (CVE) ID: CVE-2014-2641 Common Vulnerability Exposure (CVE) ID: CVE-2014-2642 HPdes Security Advisory: SSRT101701
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.