CVE-2017-14350
Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability
Descriptions
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator.
The specific flaw exists within the hpbsmsdr web service, which listens on TCP port 29921 by default. The software does not provide any authentication for functionality that can invoke arbitrary classes. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Timeline
- 2017-09-12 CVE Reserved
- 2017-09-26 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-21 EPSS Updated
CWE
- CWE-306: Missing Authentication for Critical Function
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100988 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-17-825 | X_refsource_misc | |
https://softwaresupport.hpe.com/km/KM02960811 | X_refsource_confirm | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Hp | Application Performance Management | 9.26 | - | Affected |
Hp | Application Performance Management | 9.30 | - | Affected |
Hp | Application Performance Management | 9.40 | - | Affected |