CVSS: 10.0EPSS: 36%CPEs: 1EXPL: 0CVE-2017-5804 – Hewlett Packard Enterprise Intelligent Management Center imcwlandm Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5804
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (iMC) PLAT 7.2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HPE iMC Server service, which listens on UDP port 6666 by default. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. • http://www.securityfocus.com/bid/98088 http://www.securitytracker.com/id/1038377 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5797 – Hewlett Packard Enterprise Intelligent Management Center Service Operation Manager Module FileDownloadServlet filePath Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-5797
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. Se ha encontrado una vulnerabilidad de divulgación de información no autenticada remota en HPE Intelligent Management Center (IMC) SOM versión v7.3 (E0501). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within Service Operation Manager Module's FileDownloadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/97214 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03719en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 6%CPEs: 1EXPL: 0CVE-2017-5793 – Hewlett Packard Enterprise Intelligent Management Center CommonUtils Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5793
A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código arbitrario en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within CommonUtils. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03717en_us • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5794 – Hewlett Packard Enterprise Intelligent Management Center FileUploadServlet Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5794
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de descarga remota de archivos arbitrarios en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileUploadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 67%CPEs: 1EXPL: 0CVE-2017-5791 – Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-5791
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. El método doFilter en UrlAccessController en HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 permite la omisión remota de autenticación mediante cadenas no especificadas en una URI. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. The specific flaw exists within UrlAccessController. The doFilter method contains multiple ways to bypass authentication if the URI contains specific strings. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • http://www.securityfocus.com/bid/101224 http://www.securityfocus.com/bid/96815 http://www.securitytracker.com/id/1037983 http://www.zerodayinitiative.com/advisories/ZDI-17-161 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us • CWE-287: Improper Authentication •