| Rule General Information | |
|---|---|
| Release Date: | 2019-04-22 |
| Rule Name: | HPE Intelligent Management Center WebDMServlet Insecure Deserialization Vulnerability (CVE-2017-12558) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. The vulnerability is due to deserialization of untrusted data by the WebDMServlet while having vulnerable classes in the code path. |
| Impact: | A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted serialized object. Successful exploitation results in arbitrary code execution under the context of the SYSTEM or root user. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocus BID: 101152, SecurityTracker ID: 1039495, https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us |

| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities. Please visit: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us |