Computer Security


HP Service Manager / HP Service Center multiple security vulnerabilities
Published: 10.06.2011
Source:
SecurityVulns ID: 11723
Type: remote
Threat Level: 5/10
Description: Unauthorized access, privilege escalation, information leakage, HTTP session hijack, cross-site scripting.
Affected: HP : HP Service Manager 9.21
 HP : HP Service Manager 9.20
 HP : HP Service Manager 7.11
 HP : HP Service Manager 7.02
 HP : HP Service Manager client 9.21
 HP : HP Service Manager client 9.20
 HP : HP Service Manager client 7.11
 HP : HP Service Manager client 7.02
 HP : HP Service Center 6.2
 HP : HP Service Center client 6.2
CVE: CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.)
 CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.)
 CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.)
 CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.)
 CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Original document: HP, [security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS (10.06.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod