Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlierID: oval:org.secpod.oval:def:541 | Date: (C)2011-03-23 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with HP Power Manager and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the application, which fails to validate HTTP requests. Successful exploitation could allow remote attackers to steal valid user's cookies and run HTTP requests requiring administrative privilege.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |