| Severity | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2017-8961 |
| CVSSv3 |
8.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | Not available |
| Vulnerable software |
HP Intelligent Management Center |
| Vulnerable software versions |
HP Intelligent Management Center 7.3 HP Intelligent Management Center 7.2 HP Intelligent Management Center 7.0 Show more |
| Vendor URL | Hewlett Packard Enterprise Development LP |
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in HPE Intelligent Management Center due to a directory traversal flaw in flexFileUpload. A remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 E0506P03.
External linkshttps://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us