CVSS: 10.0EPSS: 36%CPEs: 1EXPL: 0CVE-2017-5804 – Hewlett Packard Enterprise Intelligent Management Center imcwlandm Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5804
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (iMC) PLAT 7.2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HPE iMC Server service, which listens on UDP port 6666 by default. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. • http://www.securityfocus.com/bid/98088 http://www.securitytracker.com/id/1038377 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 6%CPEs: 1EXPL: 0CVE-2017-5793 – Hewlett Packard Enterprise Intelligent Management Center CommonUtils Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5793
A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código arbitrario en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within CommonUtils. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03717en_us • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5794 – Hewlett Packard Enterprise Intelligent Management Center FileUploadServlet Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5794
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de descarga remota de archivos arbitrarios en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileUploadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 36%CPEs: 1EXPL: 0CVE-2017-5790 – Hewlett Packard Enterprise Intelligent Management Center accessMgrServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de deserialización remota de datos no fiables en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the accessMgrServlet servlet. The issue lies in the failure to properly validate user-supplied data which can result in deserialization of untrusted data. • http://www.securityfocus.com/bid/96755 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us https://www.tenable.com/security/research/tra-2017-12 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5795 – Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet fileName Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-5795
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de descarga local de archivos arbitrarios en HPE Intelligent Management Center (IMC) en versiones PLAT 7.2 E0403P06. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileDownloadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/96773 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •