Main Vulnerability Database Vulnerabilities #VU38174

Input validation error in UCMDB Configuration Manager - CVE-2017-14351

Published: September 30, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38174

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14351

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Micro Focus

Affected software:
UCMDB Configuration Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

How to mitigate CVE-2017-14351

Install update from vendor's website.

Sources

https://softwaresupport.hpe.com/km/KM02968622
https://www.tenable.com/security/research/tra-2017-32

Input validation error in UCMDB Configuration Manager - CVE-2017-14351

Detailed vulnerability description

How to mitigate CVE-2017-14351

Sources

Please verify you're human