Vulnerability CVE-2017-8966


Published: 2018-02-15

Description:
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

Type:

CWE-502

(Deserialization of Untrusted Data)

Vendor: HP
Product: Intelligent management center 
Version: 7.3;

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1039684
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us

Related CVE
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
CVE-2018-5921
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow el...
CVE-2018-7104
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
CVE-2018-7103
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
CVE-2018-7101
A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.
CVE-2018-7100
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could...
CVE-2018-7099
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.
CVE-2018-7098
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.

Copyright 2018, cxsecurity.com

 

Back to Top