CVE-2017-5791 – Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2017-5791

The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. El método doFilter en UrlAccessController en HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 permite la omisión remota de autenticación mediante cadenas no especificadas en una URI. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. The specific flaw exists within UrlAccessController. The doFilter method contains multiple ways to bypass authentication if the URI contains specific strings. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • http://www.securityfocus.com/bid/101224 http://www.securityfocus.com/bid/96815 http://www.securitytracker.com/id/1037983 http://www.zerodayinitiative.com/advisories/ZDI-17-161 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us • CWE-287: Improper Authentication •