HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability

Bugtraq ID:	39736
Class:	Design Error
CVE:	CVE-2010-1037
Remote:	Yes
Local:	No
Published:	Apr 27 2010 12:00AM
Updated:	Apr 27 2010 12:00AM
Credit:	This issue was reported by the vendor.
Vulnerable:	HP Systems Insight Manager 5.2 SP2 HP Systems Insight Manager 5.1 SP1 HP Systems Insight Manager 5.0 SP6 HP Systems Insight Manager 5.0 SP5 HP Systems Insight Manager 5.0 SP3 HP Systems Insight Manager 5.0 SP2 HP Systems Insight Manager 5.0 SP1 HP Systems Insight Manager 5.0 HP Systems Insight Manager 4.2 SP2 HP Systems Insight Manager 4.2 SP1 HP Systems Insight Manager 4.2
Not Vulnerable:	HP Systems Insight Manager 6.0

HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability

HP Systems Insight Manager is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to perform unauthorized actions by enticing a logged-in user to visit a malicious site.

Versions prior to Systems Insight Manager 6.0 are vulnerable.

HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability

To exploit the issue, an attacker must entice a user into visiting a malicious site.

HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability

Solution:
The vendor has released updates. Please see the references for more information.

HP Systems Insight Manager Unspecified Cross Site Request Forgery Vulnerability

References:

• Micro News Homepage (phptoys)