Description
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025032
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70836
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46258
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43058
Scores
EPSS
0.0017
EPSS Percentile
37.5%
Details
CWE
CWE-352
Status
published
Products (6)
hp/power_manager
4.2.5
hp/power_manager
4.2.6
hp/power_manager
4.2.7
hp/power_manager
4.2.8
hp/power_manager
4.2.9
hp/power_manager
< 4.3.2
Published
Feb 09, 2011
Tracked Since
Feb 18, 2026