CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 1CVE-2017-5792 – Hewlett Packard Enterprise Intelligent Management Center RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5792
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (iMC) PLAT 7.3 E0504P2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the euplat RMI registry. The issue lies in the failure to properly validate user-supplied data which can result in deserialization of untrusted data. • https://www.exploit-db.com/exploits/43927 http://www.securityfocus.com/bid/96769 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03713en_us https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03815en_us https://www.tenable.com/security/research/tra-2017-18 https://www.tenable.com/security/research/tra-2018-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 36%CPEs: 1EXPL: 0CVE-2017-5790 – Hewlett Packard Enterprise Intelligent Management Center accessMgrServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de deserialización remota de datos no fiables en HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the accessMgrServlet servlet. The issue lies in the failure to properly validate user-supplied data which can result in deserialization of untrusted data. • http://www.securityfocus.com/bid/96755 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us https://www.tenable.com/security/research/tra-2017-12 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5795 – Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet fileName Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-5795
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. Se ha encontrado una vulnerabilidad de descarga local de archivos arbitrarios en HPE Intelligent Management Center (IMC) en versiones PLAT 7.2 E0403P06. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within FileDownloadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/96773 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8525
https://notcve.org/view.php?id=CVE-2016-8525
A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. Se ha encontrado una vulnerabilidad de divulgación de información remota en HPE iMC PLAT en versiones v7.2 E0403P06 y anteriores. El problema se ha resuelto en iMC PLAT 7.3 E0504 o en versiones posteriores. • http://www.securityfocus.com/bid/95912 http://www.securitytracker.com/id/1037756 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382418 https://www.tenable.com/security/research/tra-2017-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 1CVE-2016-4372 – HPE < 7.2 - Java Deserialization
https://notcve.org/view.php?id=CVE-2016-4372
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. HPE iMC PLAT en versiones anteriores a 7.2 E0403P04, iMC EAD en versiones anteriores a 7.2 E0405P05, iMC APM en versiones anteriores a 7.2 E0401P04, iMC NTA en versiones anteriores a 7.2 E0401P01, iMC BIMS en versiones anteriores a7.2 E0402P02 y iMC UAM_TAM en versiones anteriores a 7.2 E0405P05 permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • https://www.exploit-db.com/exploits/42756 http://www.securityfocus.com/bid/91739 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601 • CWE-20: Improper Input Validation •