CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5350 – Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5350
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of serialized objects provided to the TopoDebugServlet endpoint. When parsing the data property, the process does not properly validate a user-supplied string before using it to deserialize an object. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5338 – Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5338
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the addVsiInterfaceInfo.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5340 – Hewlett Packard Enterprise Intelligent Management Center actionSelectContent Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5340
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the actionSelectContent.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 0CVE-2018-7124 – Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7124
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the beanName parameter provided to the iccSelectCommand.xhtml endpoint. When parsing the beanName, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5341 – Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5341
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the SyslogTempletSelectWin.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •