HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload
TSL ID TSL20171031-08
CVE ID(s) CVE-2017-8961
Severity High
Description

An arbitrary file upload vulnerability exists in HPE Intelligent Management Center PLAT. The vulnerability is due to an input validation issue on requests handled by the FileUploadServlet servlet.

A remote authenticated attacker could exploit this vulnerability by sending crafted packets to a vulnerable server. Successful exploitation could lead to arbitrary code execution in the context of SYSTEM or root.

The vendor, HPE, has released the following advisory regarding this vulnerability:

https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us

Affected Products
  • HP Intelligent Management Center prior to 7.3 E0506P03
CVSS Score Base 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is SINGLE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 6.3 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
ZDI
References https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us