Computer Security
[EN] securityvulns.ru no-pyccku


HP Service Manager multiple security vulnerabilities
Published:26.08.2014
Source:
SecurityVulns ID:13929
Type:remote
Threat Level:
6/10
Description:Crossite scripting, unauthorized access, privilege escalation.
Affected:HP : HP Service Manager 9.33
CVE:CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.)
 CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2014-2632 (Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2013-6222 (Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentHP, [security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities (26.08.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod