The vulnerability of the HPE Intelligent Management Center PLAT software lies in its failure to take measures to neutralize special elements used in the expression language of the operator. This allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Intelligent Management Center PLAT software lies in the lack of measures taken to neutralize special elements used in the expression language during the processing of the beanName parameter at the devGroupSelect.xhtml endpoint. Exploiting this vulnerability allows an...

CVE-2020-7146

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7146

The CVE-2020-7146 entry affects Hewlett Packard Enterprise Intelligent Management Center (iMC) prior to PLAT 7.3, release E0705P07. The vulnerability is a devGroupSelect expression language injection that leads to remote code execution. Public details across connected sources specify that the iss...

HPE Intelligent Management Center (IMC) devGroupSelect Expression Language Injection Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A devGroupSelect expression language injection remote code execution vulnerability exists in HPE Intellige...