HP Systems Insight Manager < 7.4 Multiple Vulnerabilities
Medium Nessus Plugin ID 78079
SynopsisThe remote Windows host contains software that is affected by multiple vulnerabilities.
DescriptionThe version of HP Systems Insight Manager installed on the remote Windows host is affected by the following vulnerabilities :
- An unspecified vulnerability exists that allows a remote authenticated attacker to gain limited elevated privileges. (CVE-2014-2643)
- A vulnerability exists that allows reflected cross-site scripting attacks, due to the improper validation of user-supplied input before it is returned to the users.
Using a specially crafted request, a remote attacker can execute arbitrary script code within a user's browser.
- An unspecified flaw exists that allows a remote attacker to conduct a clickjacking attack. (CVE-2014-2645)
SolutionUpgrade to HP Systems Insight Manager 7.4 or later. A hotfix has also been made available for HP Systems Insight Manager 7.2.