Severity | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE ID | CVE-2017-8961 |
CVSSv3 |
8.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
CWE ID | CWE-22 |
Exploitation vector | Network |
Public exploit | Not available |
Vulnerable software |
HP Intelligent Management Center |
Vulnerable software versions |
HP Intelligent Management Center 7.3 HP Intelligent Management Center 7.2 HP Intelligent Management Center 7.0 Show more |
Vendor URL | Hewlett Packard Enterprise Development LP |
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in HPE Intelligent Management Center due to a directory traversal flaw in flexFileUpload. A remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3 E0506P03.
External linkshttps://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us