Remote code execution in HPE Intelligent Management Center PLAT
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 55 |
| CVE-ID | CVE-2017-12487 CVE-2017-12488 CVE-2017-12489 CVE-2017-12490 CVE-2017-12491 CVE-2017-12492 CVE-2017-12493 CVE-2017-12494 CVE-2017-12495 CVE-2017-12496 CVE-2017-12497 CVE-2017-12498 CVE-2017-12499 CVE-2017-12500 CVE-2017-12501 CVE-2017-12502 CVE-2017-12503 CVE-2017-12504 CVE-2017-12505 CVE-2017-12506 CVE-2017-12507 CVE-2017-12508 CVE-2017-12509 CVE-2017-12510 CVE-2017-12511 CVE-2017-12512 CVE-2017-12513 CVE-2017-12514 CVE-2017-12515 CVE-2017-12516 CVE-2017-12517 CVE-2017-12518 CVE-2017-12519 CVE-2017-12520 CVE-2017-12521 CVE-2017-12522 CVE-2017-12523 CVE-2017-12524 CVE-2017-12525 CVE-2017-12526 CVE-2017-12527 CVE-2017-12528 CVE-2017-12529 CVE-2017-12530 CVE-2017-12531 CVE-2017-12532 CVE-2017-12533 CVE-2017-12534 CVE-2017-12535 CVE-2017-12536 CVE-2017-12537 CVE-2017-12538 CVE-2017-12539 CVE-2017-12540 CVE-2017-12541 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #14 is available. |
| Vulnerable software Subscribe |
HP Intelligent Management Center Web applications / Remote management & hosting panels |
| Vendor | Hewlett Packard Enterprise Development LP |
Security Bulletin
This security bulletin contains information about 55 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU7894
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12487
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU7895
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU7896
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU7897
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU7898
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12491
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU7899
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12492
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU7900
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12493
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU7901
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12494
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU7902
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU7903
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12496
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU7904
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12497
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU7905
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12498
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU7906
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12499
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU7907
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-12500
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Improper input validation
EUVDB-ID: #VU7908
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12501
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU7909
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12502
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU7910
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12503
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU7911
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12504
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU7912
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12505
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU7913
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12506
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU7914
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12507
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU7915
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12508
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU7916
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12509
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU7917
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12510
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU7918
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12511
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU7919
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12512
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU7920
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12513
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU7921
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12514
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU7922
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12515
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU7923
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12516
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU7924
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12517
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU7925
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12518
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU7926
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper input validation
EUVDB-ID: #VU7927
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12520
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper input validation
EUVDB-ID: #VU7928
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12521
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper input validation
EUVDB-ID: #VU7929
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12522
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper input validation
EUVDB-ID: #VU7930
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12523
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper input validation
EUVDB-ID: #VU7931
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12524
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU7932
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12525
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper input validation
EUVDB-ID: #VU7933
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper input validation
EUVDB-ID: #VU7934
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12527
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper input validation
EUVDB-ID: #VU7935
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12528
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper input validation
EUVDB-ID: #VU7936
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12529
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper input validation
EUVDB-ID: #VU7937
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12530
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper input validation
EUVDB-ID: #VU7938
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12531
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper input validation
EUVDB-ID: #VU7939
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12532
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper input validation
EUVDB-ID: #VU7940
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12533
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper input validation
EUVDB-ID: #VU7941
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12534
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper input validation
EUVDB-ID: #VU7942
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12535
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper input validation
EUVDB-ID: #VU7943
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12536
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper input validation
EUVDB-ID: #VU7944
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12537
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper input validation
EUVDB-ID: #VU7945
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12538
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper input validation
EUVDB-ID: #VU7946
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12539
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper input validation
EUVDB-ID: #VU7947
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12540
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper input validation
EUVDB-ID: #VU7948
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12541
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 (E0506).
Vulnerable software versionsHP Intelligent Management Center: 7.3 (E0504)
External linkshttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03768en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
