|Number of vulnerabilities||1|
|Public exploit||Vulnerability #1 is being exploited in the wild.|
HP Performance Center
Other software / Other software solutions
|Vendor||Hewlett Packard Enterprise Development LP|
This security bulletin contains one high risk vulnerability.
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX due to use of user-supplied input by RadAsyncUpload without modification or validation. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.Mitigation
Update to version 12.55.Vulnerable software versions
HP Performance Center: 11.52 - 12.53Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?