CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5795 – Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet fileName Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-5795
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de descarga local de archivos arbitrarios en HPE Intelligent Management Center (IMC) en versiones PLAT 7.2 E0403P06. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileDownloadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/96773 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8525
https://notcve.org/view.php?id=CVE-2016-8525
A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. Se ha encontrado una vulnerabilidad de divulgación de información remota en HPE iMC PLAT en versiones v7.2 E0403P06 y anteriores. El problema se ha resuelto en iMC PLAT 7.3 E0504 o en versiones posteriores. • http://www.securityfocus.com/bid/95912 http://www.securitytracker.com/id/1037756 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382418 https://www.tenable.com/security/research/tra-2017-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •