RULE(RULE ID:321891)

Rule General Information
Release Date: 2019-06-20
Rule Name: HPE System Management Homepage gsearch.php.en Cross-Site Scripting (XSS) Vulnerability (CVE-2017-12544)
Severity:
CVE ID:
Rule Protection Details
Description: A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
Impact: An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.
Affected OS: Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others
Reference: SecurityFocusBID:101029
SecurityTrackerID:1039437
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us
Solutions
The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us