CSRF in Hp Power_manager

CVE-2011-0277

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (37.7th percentile) — read the EPSS interpretation.

Affected products

Hp Power_manager — versions 4.2.5, 4.2.6, 4.2.7
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

1025032 (vdb-entry, x_refsource_SECTRACK)
70836 (x_refsource_OSVDB, vdb-entry)
46258 (vdb-entry, x_refsource_BID)
SSRT100381 (x_refsource_HP, vendor-advisory)
43058 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)