System Management Homepage
by Microfocus
CVEs (69)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2357 | 0.00 | — | 0.02 | Jul 22, 2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360. | |||
| CVE-2013-2356 | 0.00 | — | 0.03 | Jul 22, 2013 | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363. | |||
| CVE-2013-2355 | 0.00 | — | 0.04 | Jul 22, 2013 | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217. | |||
| CVE-2012-5217 | 0.00 | — | 0.04 | Jul 22, 2013 | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. | |||
| CVE-2012-2016 | 0.00 | — | 0.01 | Jun 29, 2012 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2012-2015 | 0.00 | — | 0.03 | Jun 29, 2012 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. | |||
| CVE-2012-2014 | 0.00 | — | 0.03 | Jun 29, 2012 | HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. | |||
| CVE-2012-2013 | 0.00 | — | 0.04 | Jun 29, 2012 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. | |||
| CVE-2012-2012 | 0.00 | — | 0.05 | Jun 29, 2012 | HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||
| CVE-2012-1993 | 0.00 | — | 0.00 | Apr 18, 2012 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. | |||
| CVE-2012-0135 | 0.00 | — | 0.02 | Apr 18, 2012 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. | |||
| CVE-2011-3846 | 0.00 | — | 0.01 | Apr 12, 2012 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||
| CVE-2011-1540 | 0.00 | — | 0.05 | Apr 29, 2011 | Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2010-3284 | 0.00 | — | 0.02 | Sep 24, 2010 | Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2010-3283 | 0.00 | — | 0.01 | Sep 24, 2010 | Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2010-3012 | 0.00 | — | 0.02 | Sep 17, 2010 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. | |||
| CVE-2010-3011 | 0.00 | — | 0.04 | Sep 17, 2010 | CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2010-3009 | 0.00 | — | 0.03 | Sep 15, 2010 | Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors. | |||
| CVE-2010-1034 | 0.00 | — | 0.02 | Apr 23, 2010 | Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | |||
| CVE-2009-4185 | 0.00 | — | 0.03 | Feb 5, 2010 | Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter. |
- CVE-2013-2357Jul 22, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.
- CVE-2013-2356Jul 22, 2013risk 0.00cvss —epss 0.03
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.
- CVE-2013-2355Jul 22, 2013risk 0.00cvss —epss 0.04
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.
- CVE-2012-5217Jul 22, 2013risk 0.00cvss —epss 0.04
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.
- CVE-2012-2016Jun 29, 2012risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors.
- CVE-2012-2015Jun 29, 2012risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.
- CVE-2012-2014Jun 29, 2012risk 0.00cvss —epss 0.03
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.
- CVE-2012-2013Jun 29, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.
- CVE-2012-2012Jun 29, 2012risk 0.00cvss —epss 0.05
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
- CVE-2012-1993Apr 18, 2012risk 0.00cvss —epss 0.00
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.
- CVE-2012-0135Apr 18, 2012risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.
- CVE-2011-3846Apr 12, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
- CVE-2011-1540Apr 29, 2011risk 0.00cvss —epss 0.05
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors.
- CVE-2010-3284Sep 24, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.
- CVE-2010-3283Sep 24, 2010risk 0.00cvss —epss 0.01
Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2010-3012Sep 17, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.
- CVE-2010-3011Sep 17, 2010risk 0.00cvss —epss 0.04
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
- CVE-2010-3009Sep 15, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.
- CVE-2010-1034Apr 23, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
- CVE-2009-4185Feb 5, 2010risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.
Page 3 of 4