CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 0CVE-2017-13982 – Hewlett Packard Enterprise Application Performance Management System Health UploadManager Servlet Directory Traversal Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2017-13982
07 Sep 2017 — A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. Una vulnerabilidad de salto de directorio en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios suban archivos sin restricción. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise ... • http://www.securityfocus.com/bid/101199 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 20%CPEs: 3EXPL: 0CVE-2017-13983 – Hewlett Packard Enterprise Application Performance Management System Health Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-13983
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos omitan la autenticación. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Applicati... • http://www.zerodayinitiative.com/advisories/ZDI-17-722 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-13984 – Hewlett Packard Enterprise Application Performance Management System Health SHExportToExcel Servlet Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-13984
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos eliminen archivos arbitrarios mediante un salto de directorio servlet. This vulnerability allows remote attackers to delete a... • http://www.zerodayinitiative.com/advisories/ZDI-17-720 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13985 – Hewlett Packard Enterprise Application Performance Management System Health Email Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-13985
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. Una vulnerabilidad de autenticación en HPE BSM Platform Application Performance Management System Health en versiones 9.26, 9.30 y 9.40 permite que los usuarios remotos salten directorios, lo que conduce a una divulgación de información. This vulnerability allows remote attackers to disclose ... • http://zerodayinitiative.com/advisories/ZDI-17-721 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •