Japan Vulnerability NotesJVN:02331156JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.8%
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers.
SMH contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#19240523.
Impact
An arbitrary script may be executed on the user’s web browser.
Solution
Apply the latest update provided by the vendor.
The update for each operating system is as follows.
- HP System Management Homepage for Linux (x86) v3.0.1.73
- HP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73
- HP System Management Homepage for Windows v3.0.1.73
For more information, refer to the vendor’s website.
Products Affected
The following for Linux and Windows Server 2003, 2008 are affected:
- HP System Management Homepage (SMH) versions before v3.0.1.73
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.8%