CVE-2007-2719

HP Systems Insight Manager <5.0 SP5 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

References (9)

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01049713

[Vendor Advisory] http://secunia.com/advisories/25275

[Patch] http://www.acrossecurity.com/aspr/ASPR-2007-05-14-1-PUB.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34303

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/468974/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23988

[Third Party Advisory, VDB Entry] http://osvdb.org/36061

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018062

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1823

Scores

EPSS 0.0745

EPSS Percentile 91.6%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

hp/systems_insight_manager

Timeline

Published May 16, 2007

Tracked Since Feb 18, 2026