Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Max CVSS
5.1
EPSS Score
0.73%
Published
2009-03-18
Updated
2018-10-10
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.15%
Published
2009-08-14
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.13%
Published
2010-04-28
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.
Max CVSS
6.8
EPSS Score
0.13%
Published
2010-07-15
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.
Max CVSS
6.8
EPSS Score
0.13%
Published
2010-07-15
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.14%
Published
2010-10-23
Updated
2010-11-11
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.14%
Published
2010-10-28
Updated
2010-11-11
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.14%
Published
2010-10-28
Updated
2010-11-11
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.28%
Published
2010-11-02
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.27%
Published
2010-11-02
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
Max CVSS
6.8
EPSS Score
0.27%
Published
2011-02-09
Updated
2013-08-03
Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
4.3
EPSS Score
0.18%
Published
2011-04-29
Updated
2011-09-22
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.19%
Published
2011-05-03
Updated
2011-09-22
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Max CVSS
6.8
EPSS Score
0.08%
Published
2012-04-12
Updated
2012-04-12
Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.28%
Published
2012-05-02
Updated
2019-02-26
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.14%
Published
2012-09-08
Updated
2013-03-22
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.10%
Published
2013-03-28
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.12%
Published
2014-03-14
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.14%
Published
2013-12-17
Updated
2014-01-08
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.
Max CVSS
6.8
EPSS Score
1.26%
Published
2014-02-24
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
Max CVSS
6.8
EPSS Score
0.13%
Published
2013-11-22
Updated
2013-11-22
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.28%
Published
2014-08-23
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.0
EPSS Score
0.11%
Published
2014-10-02
Updated
2019-10-09
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.19%
Published
2014-10-19
Updated
2017-09-08
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-09-05
Updated
2023-09-08
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!