CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-24625 – Hewlett Packard Enterprise Pay per use UCS Meter ReceiverServlet doGet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24625
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Un salto de directorio no autenticado en el método doGet() de la clase ReceiverServlet puede conllevar a lecturas de archivos arbitrarias en el HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter versión 1.9 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReceiverServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-24626 – Hewlett Packard Enterprise Pay per use UCS Meter ReceiverServlet doPost Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-24626
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Un salto de directorio no autenticado en el método doPost() de la clase ReceiverServlet puede conllevar a una ejecución de código remota arbitraria en HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter versión 1.9 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReceiverServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-24624 – Hewlett Packard Enterprise Pay per use UCS Meter DownloadServlet execute Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24624
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Un salto de directorio no autenticado en el método execute() de la clase DownloadServlet puede conllevar a lecturas de archivos arbitrarias en el HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter versión 1.9 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •