CVE-2011-0277

Published: Feb 9, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

Affected (6)

Products: Hp: Power Manager

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hp Power Manager	Up to 4.3.2
Hp Power Manager	Version 4.2.5
Hp Power Manager	Version 4.2.6
Hp Power Manager	Version 4.2.7
Hp Power Manager	Version 4.2.8
Hp Power Manager	Version 4.2.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131

Source: hp-security-alert@hp.com

http://osvdb.org/70836

Source: hp-security-alert@hp.com

http://secunia.com/advisories/43058

Source: hp-security-alert@hp.com

Vendor Advisory

http://www.securityfocus.com/bid/46258

Source: hp-security-alert@hp.com

http://www.securitytracker.com/id?1025032

Source: hp-security-alert@hp.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/70836

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43058

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/46258

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025032

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.