HP Operations Orchestration 10.x < 10.22.001 XSRF

Medium Nessus Network Monitor Plugin ID 700088


The remote host is running HP Operations Orchestration and is affected by a Cross-Site Request Forgery (CSRF/XSRF) attack vector.


The remote host is running HP Operations Orchestration software and is affected by a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF/XSRF attack causing the victim to have an unspecified impact.


Upgrade to HP Operations Orchestration 10.22.001 or higher.

See Also


Plugin Details

Severity: Medium

ID: 700088

File Name: 700088.prm

Family: Web Servers

Published: 2017/05/10

Modified: 2017/05/10

Dependencies: 700023

Nessus ID: 87172

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.4


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:operations_orchestration

Patch Publication Date: 2015/11/18

Vulnerability Publication Date: 2015/11/18

Reference Information

CVE: CVE-2015-5451

BID: 97940

OSVDB: 130437