SB2017103002 - Remote code execution in HPE Intelligent Management Center PLAT

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017103002

SB2017103002 - Remote code execution in HPE Intelligent Management Center PLAT

Published: October 30, 2017

Security Bulletin ID SB2017103002
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Deserialization of untrusted data (CVE-ID: CVE-2017-8962)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.

2) Deserialization of untrusted data (CVE-ID: CVE-2017-8963)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted data and execute arbitrary code with elevated privileges.

3) Deserialization of untrusted data (CVE-ID: CVE-2017-8964)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.

4) Deserialization of untrusted data (CVE-ID: CVE-2017-8965)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.

5) Deserialization of untrusted data (CVE-ID: CVE-2017-8966)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.

6) Deserialization of untrusted data (CVE-ID: CVE-2017-8967)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) PLAT due to deserialization of untrusted data. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References