Path traversal in Cloud Optimizer - CVE-2017-8944
Published: May 23, 2017 / Updated: May 23, 2017
Vulnerability identifier: #VU6621
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8944
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: HPE
Affected software:
Cloud Optimizer
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the DownloadServlet servlet due to improper validation of user-supplied paths for file operations. A remote attacker can, by undisclosed means, gain access to arbitrary files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-8944
Update to version 3.01.