Lucene search

K
nvd[email protected]NVD:CVE-2010-3989
HistoryOct 28, 2010 - 8:00 p.m.

CVE-2010-3989

2010-10-2820:00:02
CWE-352
web.nvd.nist.gov
4
cve-2010-3989
csrf
hp insight control
virtual machine management
remote attackers
authentication hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

49.8%

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

Nvd
Node
hpinsight_control_virtual_machine_managementRange6.1.2
OR
hpinsight_control_virtual_machine_managementMatch6.0
OR
hpinsight_control_virtual_machine_managementMatch6.0.1
OR
hpinsight_control_virtual_machine_managementMatch6.0.2
OR
hpinsight_control_virtual_machine_managementMatch6.1
VendorProductVersionCPE
hpinsight_control_virtual_machine_management*cpe:2.3:a:hp:insight_control_virtual_machine_management:*:*:*:*:*:*:*:*
hpinsight_control_virtual_machine_management6.0cpe:2.3:a:hp:insight_control_virtual_machine_management:6.0:*:*:*:*:*:*:*
hpinsight_control_virtual_machine_management6.0.1cpe:2.3:a:hp:insight_control_virtual_machine_management:6.0.1:*:*:*:*:*:*:*
hpinsight_control_virtual_machine_management6.0.2cpe:2.3:a:hp:insight_control_virtual_machine_management:6.0.2:*:*:*:*:*:*:*
hpinsight_control_virtual_machine_management6.1cpe:2.3:a:hp:insight_control_virtual_machine_management:6.1:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

49.8%

Related for NVD:CVE-2010-3989