CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-12528
https://notcve.org/view.php?id=CVE-2017-12528
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (iMC) PLAT versión PLAT 7.3 (E0504). El problema se ha resuelto en HPE Intelligent Management Center PLAT v7.3 (E0506) o en versiones posteriores. • http://www.securityfocus.com/bid/100367 http://www.securitytracker.com/id/1039152 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2017-8984
https://notcve.org/view.php?id=CVE-2017-8984
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found. En ARM mbed TLS, en versiones anteriores a la 2.7.0, hay una omisión de comprobación de límites mediante un desbordamiento de enteros en el análisis de identidad PSK en la función ssl_parse_client_psk_identity() en library/ssl_srv.c. • http://www.securityfocus.com/bid/102922 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03811en_us •
CVSS: 9.0EPSS: 6%CPEs: 1EXPL: 0CVE-2017-8983 – Hewlett Packard Enterprise Intelligent Management Center redirectviewer Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8983
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. OpenRC opentmpfiles, hasta la versión 0.1.3, cuando el sysctl fs.protected_hardlinks está desactivado, permite que los usuarios locales se hagan dueños de archivos arbitrarios mediante la creación de un vínculo físico en un directorio en el que se ejecutará "chown -R". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the parafile parameter provided to the redirectviewer servlet. When parsing this parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 25%CPEs: 1EXPL: 0CVE-2017-8981 – Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8981
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. Ruckus Networks Solo APs, en versiones de firmware R110.x o anteriores y Ruckus Networks SZ managed APs, en versiones de firmware R5.x o anteriores, contienen inyección de comandos root autenticados en la interfaz gráfica de usuario web que podrían permitir que usuarios autenticados válidos ejecuten comandos privilegiados en los respectivos sistemas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03813en_us • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2017-8982 – Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-8982
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. Ruckus Networks Unleashed AP, en versiones de firmware anteriores a 200.6.10.1.x y Ruckus Networks Zone Director, en versiones de firmware 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x y 10.0.1.0.x o anteriores, contienen inyección de comandos root autenticados en la interfaz de línea de comandos que podrían permitir que usuarios autenticados válidos ejecuten comandos privilegiados en los respectivos sistemas. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center Smart Connect with Wireless Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UrlAccessController servlet. The issue results from the lack of proper filtering of URLs. • https://www.exploit-db.com/exploits/44648 http://www.securitytracker.com/id/1040283 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us https://www.zerodayinitiative.com/advisories/ZDI-18-139 •