CVE-2012-2012

HP System Management Homepage < 7.1.1 - Unauthenticated Credential Exposure via Form Autocomplete

Title source: llm
STIX 2.1

Description

HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References (1)

Core 1
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Scores

EPSS 0.0448
EPSS Percentile 89.2%

Details

Status published
Products (47)
hp/system_management_homepage 2.0.0
hp/system_management_homepage 2.0.1
hp/system_management_homepage 2.0.1.104
hp/system_management_homepage 2.0.2
hp/system_management_homepage 2.0.2.106
hp/system_management_homepage 2.1
hp/system_management_homepage 2.1.0-103
hp/system_management_homepage 2.1.0-103\(a\)
hp/system_management_homepage 2.1.0-109
hp/system_management_homepage 2.1.0-118
... and 37 more
Published Jun 29, 2012
Tracked Since Feb 18, 2026