Vulnerability Name:

CVE-2009-1418 (CCN-50633)

Assigned:2009-05-18
Published:2009-05-18
Updated:2017-08-17
Summary:Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Per: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065


"SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows Server 2003, 2008."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1418

Source: CCN
Type: HP Security Bulletin HPSBMA02428 SSRT090048 rev.1
HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)

Source: HP
Type: Patch, Vendor Advisory
SSRT090048

Source: JVN
Type: UNKNOWN
JVN#02331156

Source: JVNDB
Type: UNKNOWN
JVNDB-2009-000029

Source: CCN
Type: SA35108
HP System Management Homepage Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35108

Source: CCN
Type: SECTRACK ID: 1022242
HP System Management Homepage Input Validation Flaw Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: Patch
1022242

Source: CCN
Type: OSVDB ID: 54608
HP System Management Homepage (SMH) Unspecified XSS

Source: BID
Type: UNKNOWN
35031

Source: CCN
Type: BID-35031
HP System Management Homepage Unspecified Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
smh-win-unspecified-xss(50633)

Source: XF
Type: UNKNOWN
smh-win-unspecified-xss(50633)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-103(a):*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:*:*:*:*:*:*:*:* (Version <= 3.0.0-68)
  • OR cpe:/a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-103(a):*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:3.0.0-68:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp system management homepage 2.0.0
    hp system management homepage 2.0.1
    hp system management homepage 2.0.1.104
    hp system management homepage 2.0.2
    hp system management homepage 2.0.2.106
    hp system management homepage 2.1
    hp system management homepage 2.1.0-103
    hp system management homepage 2.1.0-103(a)
    hp system management homepage 2.1.0-109
    hp system management homepage 2.1.0-118
    hp system management homepage 2.1.0.121
    hp system management homepage 2.1.1
    hp system management homepage 2.1.2
    hp system management homepage 2.1.2-127
    hp system management homepage 2.1.2.127
    hp system management homepage 2.1.3
    hp system management homepage 2.1.3.132
    hp system management homepage 2.1.4
    hp system management homepage 2.1.4-143
    hp system management homepage 2.1.4.143
    hp system management homepage 2.1.5
    hp system management homepage 2.1.5-146
    hp system management homepage 2.1.5.146
    hp system management homepage 2.1.5.146 b
    hp system management homepage 2.1.6
    hp system management homepage 2.1.6-156
    hp system management homepage 2.1.6.156
    hp system management homepage 2.1.7
    hp system management homepage 2.1.7-168
    hp system management homepage 2.1.7.168
    hp system management homepage 2.1.8
    hp system management homepage 2.1.8-177
    hp system management homepage 2.1.8.179
    hp system management homepage 2.1.9
    hp system management homepage 2.1.9-178
    hp system management homepage 2.1.10
    hp system management homepage 2.1.10-186
    hp system management homepage 2.1.10.186
    hp system management homepage 2.1.10.186 b
    hp system management homepage 2.1.10.186 c
    hp system management homepage 2.1.11
    hp system management homepage 2.1.11-197
    hp system management homepage 2.1.11.197 a
    hp system management homepage 2.1.12-118
    hp system management homepage 2.1.12-200
    hp system management homepage 2.1.12.201
    hp system management homepage 2.1.14.20
    hp system management homepage 2.1.15-210
    hp system management homepage 2.1.15.210
    hp system management homepage 2.2.6
    hp system management homepage 2.2.8
    hp system management homepage *
    hp system management homepage 3.0.0.64
    hp system management homepage 2.0.0
    hp system management homepage 2.0.1
    hp system management homepage 2.0.2
    hp system management homepage 2.1
    hp system management homepage 2.1.1
    hp system management homepage 2.1.2
    hp system management homepage 2.1.3
    hp system management homepage 2.1.3.132
    hp system management homepage 2.1.4
    hp system management homepage 2.1.5
    hp system management homepage 2.1.6
    hp system management homepage 2.1.7
    hp system management homepage 2.1.8
    hp system management homepage 2.1.9
    hp system management homepage 2.1.11
    hp system management homepage 2.1.10
    hp system management homepage 2.2.6
    hp system management homepage 2.2.8
    hp system management homepage 2.1.0-103
    hp system management homepage 2.1.0-103(a)
    hp system management homepage 2.1.0-109
    hp system management homepage 2.1.0-118
    hp system management homepage 2.1.10-186
    hp system management homepage 2.1.11-197
    hp system management homepage 2.1.12-118
    hp system management homepage 2.1.12-200
    hp system management homepage 2.1.2-127
    hp system management homepage 2.1.4-143
    hp system management homepage 2.1.5-146
    hp system management homepage 2.1.6-156
    hp system management homepage 2.1.7-168
    hp system management homepage 2.1.8-177
    hp system management homepage 2.1.9-178
    hp system management homepage 2.1.15-210
    hp system management homepage 3.0.0-68