Improper input validation in HP Intelligent Management Center - CVE-2017-12559
Published: October 4, 2017
Vulnerability identifier: #VU8676
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12559
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Hewlett Packard Enterprise Development LP
Affected software:
HP Intelligent Management Center
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists due to an input validation flaw in the mibFileServlet servlet. A remote attacker can send specially crafted data to TCP port 8080 or 8443 to delete arbitrary files and cause the application to crash.
How to mitigate CVE-2017-12559
Update to version 7.3 E0506P03.