- Home
- CVEs with nessus.description==The version of HPE Intelligent Management Center (IMC) running on the remote host is version 7.2 E0403P06. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in UrlAccessController when handling URIs with the doFilter() method. A remote attacker can exploit this, via a specially crafted request, to bypass authorization. (CVE-2017-5791)
- A flaw exists in CommonUtils due to improper sanitization of user-supplied input before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to upload arbitrary files, which can then be used to execute arbitrary code.
(CVE-2017-5793)
- A flaw exists in FileUploadServlet due to improper sanitization of user-supplied input before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to upload arbitrary files, which then can be used to execute arbitrary code.
(CVE-2017-5794)
- A flaw exists in FileDownloadServlet due to improper sanitization of user-supplied input to the 'fileName' parameter before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to disclose the content of arbitrary files.
(CVE-2017-5795)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top