SB2018012506 - Multiple vulnerabilities in HPE iMC PLAT

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-8980)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in HPE Intelligent Management Center (iMC) PLAT due to an unspecified condition. A remote attacker can gain access to arbitrary data that can be used to conduct further attacks.

2) Remote code execution (CVE-ID: CVE-2017-8981)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists in HPE Intelligent Management Center (iMC) PLAT due to unspecified condition . A remote attacker can execute arbitrary code ans compromise the vulnerable system.

3) Information disclosure (CVE-ID: CVE-2017-8982)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in HPE Intelligent Management Center (iMC) PLAT due to improper authentication. A remote attacker can bypass authentication and gain access to important data.

Remediation

Install update from vendor's website.

References

• https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03810en_us
• https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03813en_us
• https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03809en_us