CVE-2017-14350 – Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-14350

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Application Performance Management (BSM) Platform en versiones 9.26, 9.30 y 9.40. La vulnerabilidad podría explotarse de forma remota para permitir la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator. The specific flaw exists within the hpbsmsdr web service, which listens on TCP port 29921 by default. • http://www.securityfocus.com/bid/100988 http://www.zerodayinitiative.com/advisories/ZDI-17-825 https://softwaresupport.hpe.com/km/KM02960811 • CWE-306: Missing Authentication for Critical Function •