CVE-2010-1586

Exploit

EPSS 0.52%
Veröffentlicht 28.04.2010 22:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hp ≫ System Management Homepage Version2.0.0

Hp ≫ System Management Homepage Version2.0.1

Hp ≫ System Management Homepage Version2.0.2

Hp ≫ System Management Homepage Version2.1

Hp ≫ System Management Homepage Version2.1.0-103

Hp ≫ System Management Homepage Version2.1.0-109

Hp ≫ System Management Homepage Version2.1.0-118

Hp ≫ System Management Homepage Version2.1.1

Hp ≫ System Management Homepage Version2.1.2

Hp ≫ System Management Homepage Version2.1.2-127

Hp ≫ System Management Homepage Version2.1.3

Hp ≫ System Management Homepage Version2.1.3.132

Hp ≫ System Management Homepage Version2.1.4

Hp ≫ System Management Homepage Version2.1.5

Hp ≫ System Management Homepage Version2.1.5-146

Hp ≫ System Management Homepage Version2.1.6

Hp ≫ System Management Homepage Version2.1.6-156

Hp ≫ System Management Homepage Version2.1.7

Hp ≫ System Management Homepage Version2.1.7-168

Hp ≫ System Management Homepage Version2.1.8

Hp ≫ System Management Homepage Version2.1.8-177

Hp ≫ System Management Homepage Version2.1.9

Hp ≫ System Management Homepage Version2.1.9-178

Hp ≫ System Management Homepage Version2.1.10-186

Hp ≫ System Management Homepage Version2.1.11-197

Hp ≫ System Management Homepage Version2.1.12-118

Hp ≫ System Management Homepage Version2.1.12-200

Hp ≫ System Management Homepage Version2.2.6

Hp ≫ System Management Homepage Version2.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.66

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/39676

Exploit

http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/58107

https://nvd.nist.gov/vuln/detail/CVE-2010-1586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1586

EUVD