HPE IceWall Agent CSRF Vulnerability Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Type: Cross-Site Request Forgery (CSRF) - Affected Products: HPE IceWall Agent products - Affected Versions: Specific versions of IceWall modules, including but not limited to IceWall Gen11 Agent for Apache httpd 2.4, IceWall Gen11 Agent for Windows IIS, etc. 2. Potential Security Impact: - Remote attackers may exploit this vulnerability to launch CSRF attacks during the login process. 3. Affected Software Versions: - Specific versions of IceWall modules, including but not limited to IceWall Gen11 Agent for Apache httpd 2.4, IceWall Gen11 Agent for Windows IIS, etc. 4. Supported Software Versions: - Specific versions of IceWall modules, including but not limited to IceWall Gen11 Agent for Apache httpd 2.4, IceWall Gen11 Agent for Windows IIS, etc. 5. Solution: - Updated IceWall modules, including specific versions of IceWall modules, are provided to resolve this vulnerability. 6. Background Information: - HPE uses CVSS 3.1 to assess the severity of vulnerabilities. 7. History: - Version 1 was initially released on September 23, 2024. 8. Report Vulnerability: - A web form and email address are provided for reporting potential security vulnerabilities. 9. Subscribe: - An option to subscribe to future HPE security advisories is available. 10. Disclaimer: - HPE does not guarantee the accuracy or completeness of the provided information and is not liable for any damages. This information helps users understand the details of the vulnerability, affected software versions, available solutions, and how to report or subscribe to related security advisories.

Goal Reached Thanks to every supporter — we hit 100%!

HPE IceWall Agent CSRF Vulnerability Advisory