HP Service Manager Multiple Vulnerabilities

ID: IRCAD2014083482

Release Date: 2014-08-27

Criticality level: Highly critical

Software: HP Service Manager 9.x

Description:

Some vulnerabilities have been reported in HP Service Manager, where some have an unknown impact and others can be exploited by malicious people to potentially disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, and bypass certain security restrictions.

1) Certain unspecified input related to Mobility Web Client and SRC is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Some unspecified errors exist related to Mobility Web Client and SRC. No further information is currently available.

3) An unspecified error exists related to SM WebTier, which can be exploited to gain access to otherwise restricted functionality.

4) Some unspecified errors exist related to SM WebTier. No further information is currently available.

5) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions if a logged-in administrative user visits a malicious web site.

6) Some unspecified errors exist related to SM Server. No further information is currently available.

7) An unspecified error exists related to SM Server, which can be exploited to gain access to otherwise restricted functionality.

8) An unspecified error can be exploited to disclose certain information.

The vulnerabilities are reported in versions 9.21, 9.30, 9.31, 9.32, and 9.33.

Solution

Apply updates.

References:

HPSBMU03079 SSRT101654:

Secunia:
 

Creation date: 11 Shahrivar 1393
