__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

               HP Sysetm Management Homepage (SMH) Vulnerability
                        [HPSBMA02216 SSRT071310 rev. 1]

June 6, 2007 16:00 GMT                                            Number R-265
______________________________________________________________________________
PROBLEM:       Potential security vulnerabilities have been identified with HP 
               System Management Homepage (SMH) for Linux and Windows. 
PLATFORM:      HP System Management Homepage (SMH) versions prior to v2.1.2 
               running on Linux and Windows 
DAMAGE:        Remote cross site scripting (XSS). 
SOLUTION:      Upgrade to the appropriate version. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Remote cross site scripting (XSS). 
ASSESSMENT:                                                                   
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-265.shtml 
 ORIGINAL BULLETIN:  Visit Hewlett-Packard Subscription Service for: 
                     HPSBMA02216 SSRT071310 rev. 1 
______________________________________________________________________________