Lucene search
HistoryFeb 05, 2010 - 10:30 p.m.
CVE-2009-4185
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.005
Percentile
75.9%
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.
Affected configurations
Node
hpsystem_management_homepageRange≤3.0.2.77
ORhpsystem_management_homepageMatch2.0.0
ORhpsystem_management_homepageMatch2.0.1
ORhpsystem_management_homepageMatch2.0.2
ORhpsystem_management_homepageMatch2.1
ORhpsystem_management_homepageMatch2.1.0-103
ORhpsystem_management_homepageMatch2.1.0-103\(a\)
ORhpsystem_management_homepageMatch2.1.0-109
ORhpsystem_management_homepageMatch2.1.0-118
ORhpsystem_management_homepageMatch2.1.1
ORhpsystem_management_homepageMatch2.1.2
ORhpsystem_management_homepageMatch2.1.2-127
ORhpsystem_management_homepageMatch2.1.3
ORhpsystem_management_homepageMatch2.1.3.132
ORhpsystem_management_homepageMatch2.1.4
ORhpsystem_management_homepageMatch2.1.4-143
ORhpsystem_management_homepageMatch2.1.5
ORhpsystem_management_homepageMatch2.1.5-146
ORhpsystem_management_homepageMatch2.1.6
ORhpsystem_management_homepageMatch2.1.6-156
ORhpsystem_management_homepageMatch2.1.7
ORhpsystem_management_homepageMatch2.1.7-168
ORhpsystem_management_homepageMatch2.1.8
ORhpsystem_management_homepageMatch2.1.8-177
ORhpsystem_management_homepageMatch2.1.9
ORhpsystem_management_homepageMatch2.1.9-178
ORhpsystem_management_homepageMatch2.1.10
ORhpsystem_management_homepageMatch2.1.10-186
ORhpsystem_management_homepageMatch2.1.11
ORhpsystem_management_homepageMatch2.1.11-197
ORhpsystem_management_homepageMatch2.1.12-118
ORhpsystem_management_homepageMatch2.1.12-200
ORhpsystem_management_homepageMatch2.1.15-210
ORhpsystem_management_homepageMatch2.2.6
ORhpsystem_management_homepageMatch2.2.8
ORhpsystem_management_homepageMatch3.0.0-68
ORhpsystem_management_homepageMatch3.0.1.73
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hp | system_management_homepage | * | cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.0.0 | cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.0.1 | cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.0.2 | cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1 | cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1.0-103 | cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1.0-103(a) | cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1.0-109 | cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1.0-118 | cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:* |
| hp | system_management_homepage | 2.1.1 | cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:* |
References
Related
openvas
openvas
HP/HPE System Management Homepage (SMH) XSS Vulnerability (HPSBMA02504)
2010-02-11 00:00:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2009-4185
2010-02-05 22:13:00
prion
prion
Cross site scripting
2010-02-05 22:30:00
cve
cve
CVE-2009-4185
2010-02-05 22:30:02
nessus
nessus
HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities
2010-04-27 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.005
Percentile
75.9%
Related for NVD:CVE-2009-4185