Detections
Analytics
HP Operations Orchestration 10.x < 10.22.001 XSRF
medium Nessus Network Monitor Plugin ID 700088
Synopsis
The remote host is running HP Operations Orchestration and is affected by a Cross-Site Request Forgery (CSRF/XSRF) attack vector.Description
The remote host is running HP Operations Orchestration software and is affected by a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF/XSRF attack causing the victim to have an unspecified impact.Solution
Upgrade to HP Operations Orchestration 10.22.001 or higher.See Also
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04894110
Plugin Details
Severity: Medium
ID: 700088
Family: Web Servers
Published: 5/10/2017
Updated: 3/6/2019
Nessus ID: 87172
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:hp:operations_orchestration
Patch Publication Date: 11/18/2015
Vulnerability Publication Date: 11/18/2015
Reference Information
CVE: CVE-2015-5451
BID: 97940