Main Vulnerability Database Vulnerabilities #VU38174

#VU38174 Input validation error in UCMDB Configuration Manager - CVE-2017-14351

Published: September 30, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38174

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14351

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
UCMDB Configuration Manager

Software vendor:
Micro Focus

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.

Remediation

Install update from vendor's website.

External links

https://softwaresupport.hpe.com/km/KM02968622
https://www.tenable.com/security/research/tra-2017-32

#VU38174 Input validation error in UCMDB Configuration Manager - CVE-2017-14351

Description

Remediation

External links

Please verify you're human