CVSS: 10.0EPSS: 5%CPEs: 3EXPL: 0CVE-2017-14350 – Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14350
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Application Performance Management (BSM) Platform en versiones 9.26, 9.30 y 9.40. La vulnerabilidad podría explotarse de forma remota para permitir la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator. The specific flaw exists within the hpbsmsdr web service, which listens on TCP port 29921 by default. • http://www.securityfocus.com/bid/100988 http://www.zerodayinitiative.com/advisories/ZDI-17-825 https://softwaresupport.hpe.com/km/KM02960811 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13982 – Hewlett Packard Enterprise Application Performance Management System Health UploadManager Servlet Directory Traversal Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2017-13982
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. Una vulnerabilidad de salto de directorio en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios suban archivos sin restricción. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UploadManager servlet, which listens on TCP port 18080 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/101199 http://www.zerodayinitiative.com/advisories/ZDI-17-719 https://softwaresupport.hpe.com/km/KM02942065 https://www.auscert.org.au/bulletins/52154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 23%CPEs: 3EXPL: 0CVE-2017-13983 – Hewlett Packard Enterprise Application Performance Management System Health Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-13983
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos omitan la autenticación. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the System Health service, which listens on TCP port 18080 by default. By submitting a crafted request, an attacker can bypass authentication to access the web application. • http://www.zerodayinitiative.com/advisories/ZDI-17-722 https://softwaresupport.hpe.com/km/KM02942065 https://www.auscert.org.au/bulletins/52154 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-13984 – Hewlett Packard Enterprise Application Performance Management System Health SHExportToExcel Servlet Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-13984
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos eliminen archivos arbitrarios mediante un salto de directorio servlet. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SHExportToExcel servlet, which listens on TCP port 18080 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.zerodayinitiative.com/advisories/ZDI-17-720 https://softwaresupport.hpe.com/km/KM02942065 https://www.auscert.org.au/bulletins/52154 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13985 – Hewlett Packard Enterprise Application Performance Management System Health Email Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-13985
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos salten directorios, lo que conduce a una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Application Performance Management System Health. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Email servlet, which listens on TCP port 18080 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://zerodayinitiative.com/advisories/ZDI-17-721 https://softwaresupport.hpe.com/km/KM02942065 https://www.auscert.org.au/bulletins/52154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •