7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.95 High
EPSS
Percentile
99.2%
01/10/2014
Critical
Multiple vulnerabilities was found in HP SMH. By exploiting these vulnerabilities malicious users can conduct XSS, CSRF and clicjacking attacks via unspecified vectors. These vulnerabilities can be exploited remotely.
HP System Management Homepage (SMH) versions earlier than 7.4
Update to latest version
Get HP SMH
XSS/CSS
CVE-2013-67125.0Critical
CVE-2013-64224.0Warning
CVE-2014-26416.0High
CVE-2014-26404.3Warning
CVE-2014-26424.3Warning
CVE-2013-64207.5Critical
CVE-2013-45454.3Warning
www8.hp.com/us/en/products/server-software/product-detail.html?oid=344313
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2642
h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/HP-System-Management-Homepage/