What is CVE-2014-7874?

CVE-2014-7874 is a vulnerability in Hp Hp-ux, classified under Cross-Site Request Forgery (CSRF). Published 2014-10-19.

Is CVE-2014-7874 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CSRF in Hp Hp-ux

CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknow…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (36.8th percentile) — read the EPSS interpretation.

Affected products

Hp Hp-ux — versions b.11.23, b.11.31
Hp System_management_homepage
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

Public proof-of-concept exploits

abhav/nvd_

References

60945 (x_refsource_SECUNIA, third-party-advisory)
hp-smh-cve20147874-csrf(97024) (vdb-entry, x_refsource_XF)
1031050 (vdb-entry, x_refsource_SECTRACK)
HPSBUX03139 (x_refsource_HP, vendor-advisory)

Frequently asked questions

What is CVE-2014-7874?: CVE-2014-7874 is a vulnerability in Hp Hp-ux, classified under Cross-Site Request Forgery (CSRF). Published 2014-10-19.
Is CVE-2014-7874 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.