CVE-2014-2633

HP Service Manager 7.21 and 9.x < 9.34 - Cross-Site Request Forgery

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69376

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030756

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95449

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60028

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60714

Vendor Advisory vendor-advisory x_refsource_hp

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127

Scores

EPSS 0.0030

EPSS Percentile 53.6%

Details

CWE

CWE-352

Status published

Products (6)

hp/service_manager 7.21

hp/service_manager 9.21

hp/service_manager 9.30

hp/service_manager 9.31

hp/service_manager 9.32

hp/service_manager 9.33

Published Aug 23, 2014

Tracked Since Feb 18, 2026