Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:HPE-INT-MGMT-INJ |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HPE Intelligent Management Center ictExpertDownload Expression Language Injection |
Release Date |
2018/01/18 |
Update Number |
3027 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: HPE Intelligent Management Center ictExpertDownload Expression Language Injection
This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. The vulnerability is due to insufficient handling of the beanName request parameter on ictExpertDownload.xhtml. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user.
Extended Description
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
Affected Products
- Hp intelligent_management_center 7.3
References
- CVE: CVE-2017-12500