CVE-2019-11945 – Hewlett Packard Enterprise Intelligent Management Center AccessMgrServlet className Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11945
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccessMgrServlet endpoint. When parsing requests, the process does not properly validate user-supplied data, which can result in deserialization of untrusted data. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-502: Deserialization of Untrusted Data
CVE-2019-11947 – Hewlett Packard Enterprise Intelligent Management Center dbman Use of Hard-coded Credentials Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11947
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman.conf file. The file contains hard-coded default credentials. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-798: Use of Hard-coded Credentials
CVE-2019-11943 – Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11943
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the soapConfigContent.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2019-11946 – Hewlett Packard Enterprise Intelligent Management Center Standard ImcLoginMgrImpl Hard-coded Cryptographic Key Credentials Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-11946
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ImcLoginMgrImpl class. The class contains hard-coded secrets in clear text. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-798: Use of Hard-coded Credentials
CVE-2019-11941 – Hewlett Packard Enterprise Intelligent Management Center iccSelectDevType Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11941
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the iccSelectDevType.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us