Missing Authentication for Critical Function in Application Performance Management - CVE-2017-14350

 

Published: September 30, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38173
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-14350
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software: Application Performance Management

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30 and 9.40. The vulnerability could be remotely exploited to allow code execution.


How to mitigate CVE-2017-14350

Install the update from the vendor's website.
