Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:12969207
HistoryFeb 09, 2022 - 12:00 a.m.

JVN#12969207: HPE Agentless Management registers unquoted service paths

2022-02-0900:00:00
Japan Vulnerability Notes
jvn.jp
114

0.0004 Low

EPSS

Percentile

12.1%

JSON

HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths (CWE-428).

Impact

When a registered Windows service path contains spaces and is unquoted, and a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Products Affected

  • HPE Agentless Management Service for Windows x64 - versions prior to 1.44.0.0
  • HPE ProLiant Agentless Management Service for HPE Apollo, ProLiant and Synergy Gen9 servers - versions prior to 10.96.0.0

Related

cve 1
prion 1
cvelist 1
openvas 1
cve
cve
CVE-2021-29218
2022-02-04 23:15:00
prion
prion
Design/Logic Flaw
2022-02-04 23:15:00
cvelist
cvelist
CVE-2021-29218
2022-02-04 22:29:15
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00

0.0004 Low

EPSS

Percentile

12.1%

JSON
Related for JVN:12969207
cve1prion1cvelist1openvas1