Está usted visitando una publicación en la hemeroteca de CSIRT-CV.
Para acceder al portal y contenido actual, visite https://www.csirtcv.gva.es
06/02/2019
Es publiquen múltiples vulnerabilitats en Intelligent Management Center de HPE
De les 12 vulnerabilitats reportades una està considerada de severitat mitjana, 9 altes i 2 crítiques.Risc: Crític
La primera de les vulnerabilitats considerades com a crítiques consisteix en el filtratge inadequat de les URL presents en el servlet UrlAccessController, la segona té a veure amb la gestió incorrecta del paràmetre benName proporcionat pel endpoint iccSelectCommand.xhtml.
Podeu llegir el detall complet en el següent enllaç.
Sistemes Afectats:
Intelligent Management Center
Referències:None
Solució:
Mes informació:
- (0day) Hewlett Packard Enterprise Intelligent Management Center faultInfo_content Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center faultDevParasSet Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center eventInfo_content Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center legend Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center actionSelectContent Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center devGroupSelect Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand Expression Language Injection Remote Code Execution Vulnerability
- (0day) Hewlett Packard Enterprise Intelligent Management Center PrimeFaces Expression Language Injection Remote Code Execution Vulnerability
Font: Incibe-cert