CVE-2011-1543

Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=130331642631603&w=2	Vendor Advisory
http://www.securityfocus.com/bid/47513
http://www.securitytracker.com/id?1025415
http://securityreason.com/securityalert/8234

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:systems_insight_manager:5.2:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.2:update_1::::::
	cpe:2.3:a:hp:systems_insight_manager:5.0:sp3::::::
	cpe:2.3:a:hp:systems_insight_manager:4.2:sp2::::::
	cpe:2.3:a:hp:systems_insight_manager:6.1:::::::*
	cpe:2.3:a:hp:systems_insight_manager::::::::
	cpe:2.3:a:hp:systems_insight_manager:2.5:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.0:sp4::::::
	cpe:2.3:a:hp:systems_insight_manager:4.2:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.0:sp2::::::
	cpe:2.3:a:hp:systems_insight_manager:4.0:sp1::::::
	cpe:2.3:a:hp:systems_insight_manager:4.1:::::::*
	cpe:2.3:a:hp:systems_insight_manager:4.2:sp1::::::
	cpe:2.3:a:hp:systems_insight_manager:6.0:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.0:sp5::::::
	cpe:2.3:a:hp:systems_insight_manager:5.1:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.3:::::::*
	cpe:2.3:a:hp:systems_insight_manager:4.1:sp1::::::
	cpe:2.3:a:hp:systems_insight_manager:2.5.2.0:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.3:update_1::::::
	cpe:2.3:a:hp:systems_insight_manager:5.0:::::::*
	cpe:2.3:a:hp:systems_insight_manager:4.0:::::::*
	cpe:2.3:a:hp:systems_insight_manager:5.0:sp1::::::

Information

Published : 2011-04-29 15:55

Updated : 2011-09-21 20:30

NVD link : CVE-2011-1543

Mitre link : CVE-2011-1543

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

hp

systems_insight_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2", "name": "SSRT100428", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securityfocus.com/bid/47513", "name": "47513", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1025415", "name": "1025415", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/8234", "name": "8234", "tags": [], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1543", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-04-29T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.2:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.2"}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:2.5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-09-22T03:30Z"}