310 matches found
CVE-2017-5816
CVE-2017-5816: A Remote Code Execution via HPE iMC PLAT 7.3 E0504P04 dbman RestartDB (opcode 10008) allows unauthenticated remote command execution due to improper validation of RestartDB input. The vulnerability affects the dbman component of HP iMC and can execute OS commands as SYSTEM over TCP...
CVE-2013-4822
CVE-2013-4822 affects HP Intelligent Management Center (iMC) Branch Intelligent Management System (BIMS) UploadServlet. The vulnerability is described as an unauthenticated file-upload vulnerability in the BIMS module, enabling remote attackers to upload arbitrary files and potentially execute ar...
CVE-2012-5208
CVE-2012-5208 affects HP Intelligent Management Center (iMC) and iMC for ANM prior to 5.2 E0401. The connected sources identify this as an information-disclosure vulnerability (remote, via unknown vectors per ZDI-1615) that could allow an attacker to obtain sensitive information. The issue is emb...
CVE-2012-5201
HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) prior to 5.2 E0401 are affected by an unspecified remote code execution vulnerability (CVE-2012-5201). Multiple connected sources indicate the flaw relates to the mibFileUpload component a...
CVE-2013-4824
HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module contain an authentication bypass in the AccountService RpcServiceServlet (CVE-2013-4824). The vulnerability allows remote attackers to bypass authentication and can enable account creation/manipulation,...
CVE-2012-5206
CVE-2012-5206 affects HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) prior to 5.2 E0401. The vulnerability enables remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors (ZDI-CAN...
CVE-2013-4826
CVE-2013-4826 affects the HP Intelligent Management Center (iMC) SOM Module, specifically the FileDownloadServlet. An unauthenticated remote attacker can disclose arbitrary files due to a lack of authentication in the servlet, enabling information exposure (CVE-2013-4826; CVSSv2 base 5.0). A Meta...
CVE-2012-5204
CVE-2012-5204 affects HP Intelligent Management Center (iMC) and related ANM modules. The connected documentation confirms a directory traversal in the IctDownloadServlet that enables an unauthenticated attacker to retrieve arbitrary files with SYSTEM privileges, leading to information disclosure...
CVE-2019-5392
CVE-2019-5392 affects HPE Intelligent Management Center (IMC) PLAT releases prior to 7.3 E0506P09. The issue is an information-disclosure vulnerability in the dbman component (command 10001), where improper validation allows an unauthenticated remote attacker to view potentially sensitive informa...
CVE-2012-5202
CVE-2012-5202 is an information disclosure vulnerability in HP Intelligent Management Center (iMC) and ANM/FaultDownloadServlet prior to 5.2 E0401. The issue arises from a directory traversal vulnerability that, per the Metasploit module, allows unauthenticated attackers to access arbitrary files...
CVE-2019-5391
CVE-2019-5391 is a stack-based buffer overflow vulnerability in HPE Intelligent Management Center (IMC) Platform, present in IMC PLAT versions earlier than 7.3 E0506P09. Multiple connected sources (including Red Hat, CNVD, CVE records) describe it consistently as a stack overflow issue affecting ...
CVE-2019-5390
CVE-2019-5390 is a remote command injection vulnerability in HPE Intelligent Management Center (IMC) PLAT prior to version 7.3 E0506P09. The issue affects the iMC/dbman components and allows an unauthenticated, network‑based attacker to execute arbitrary commands on the remote host. Impact is des...
CVE-2019-5385
Summary (CVE-2019-5385) : A remote code execution vulnerability exists in HPE Intelligent Management Center (IMC) PLAT older than 7.3 E0506P09. The issue is an Expression Language injection in the perfSelectTask endpoint, due to insufficient validation of the beanName parameter. Exploitation can ...
CVE-2017-12561
CVE-2017-12561 is a remote code execution flaw in HP/HPE Intelligent Management Center (iMC) PLAT 7.3 E0504P4 and earlier. The ZDI advisory details a use-after-free in the dbman service (listening on TCP port 2810) where a crafted opcode 10012 message can reuse a freed pointer to execute arbitrar...
CVE-2019-11953
CVE-2019-11953 affects Hewlett Packard Enterprise Intelligent Management Center (IMC) Platform prior to 7.3 E0506P09. The root cause is improper handling/validation of the beanName parameter in the smsRulesDownload.xhtml endpoint, allowing an attacker to cause remote code execution. Some sources ...
CVE-2019-11957
CVE-2019-11957 affects HPE Intelligent Management Center (IMC) PLAT earlier than 7.3 E0506P09. The vulnerability is described as remote code execution. Several connected sources reiterate IMC versions prior to 7.3 E0506P09, with Red Hat and CNVD entries additionally noting a stack buffer overflow...
CVE-2019-5389
CVE-2019-5389 affects Hewlett Packard Enterprise Intelligent Management Center (IMC) PLAT prior to 7.3 E0506P09. The root cause is an expression-language injection in IMC that can lead to remote code execution. ZDI notes that authentication is required to exploit, but the authentication mechanism...
CVE-2019-11958
CVE-2019-11958 affects Hewlett Packard Enterprise Intelligent Management Center (IMC) Platform versions prior to 7.3 E0506P09. The connected sources describe a remote code execution vulnerability in the IMC operatorGroupSelectContent Expression Language. The root cause is improper handling/valida...
CVE-2019-11962
HPE Intelligent Management Center (IMC) PLAT contains a remote code execution vulnerability in the selectUserGroup expression language handling. Affected: IMC PLAT versions earlier than 7.3 E0506P09. Root cause: expression-language injection in selectUserGroup.xhtml. Impact: remote code execution...
CVE-2019-11985
CVE-2019-11985 affects HPE Intelligent Management Center (IMC) PLAT prior to 7.3 E0506P09. A remote attacker can trigger code execution via the beanName parameter handled by choosePerfView.xhtml due to improper validation. Documents indicate network-exposed remote code execution with possible aut...
CVE-2017-12500
CVE-2017-12500 is a remote, unauthenticated RCE in HPE iMC PLAT 7.3 (E0504) via EL Injection (beanName parameter and related pages). Exploitation leads to arbitrary code execution; patched in PLAT v7.3 (E0506) or later (per NVD entry and corroborating exploit references).
CVE-2019-11986
Summary: CVE-2019-11986 affects Hewlett Packard Enterprise Intelligent Management Center (IMC) PLAT prior to version 7.3 E0506P09. A flaw in the GWT perfSelItemServer expression language allows an attacker to trigger remote code execution. The root cause is an injection in the expression evaluati...
CVE-2019-5386
CVE-2019-5386 affects HPE Intelligent Management Center (IMC) PLAT versions earlier than 7.3 E0506P09. The connected advisories describe a remote code execution vulnerability arising from incorrect handling of the beanName parameter in the Expression Language injection path, specifically involvin...
CVE-2019-11961
Affected software: HPE Intelligent Management Center (IMC) PLAT, prior to 7.3 E0506P09. Vulnerability: Remote code execution via templateSelect expression language injection, enabling code execution in the context of SYSTEM. Root cause / vector: Handling of templateSelect.xhtml beanName parameter...
CVE-2019-5373
CVE-2019-5373 affects Hewlett Packard Enterprise Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09 . The root cause is improper handling/validation of the beanName parameter in the IMC web components (notably related to CustomTemplateSelectBean/bean handling in customTemp...
CVE-2020-24646
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-24646. The vulnerability is a stack-based buffer overflow in the tftpserver component that allows remote code execution. The root cause is improper validation of the length of user-supplied data prior to co...
CVE-2019-11954
CVE-2019-11954 is a remote code execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center (IMC) PLAT prior to 7.3 E0506P09. The root cause is improper validation of the beanName parameter in the operationSelect.xhtml endpoint, allowing an attacker to execute code in the ...
CVE-2019-11960
HPE Intelligent Management Center (IMC) PLAT, affected in versions earlier than 7.3 E0506P09, is vulnerable to a remote code execution through select expression language injection. The root cause involves improper handling of the beanName parameter in the select.xhtml endpoint, enabling an attack...
CVE-2020-7160
CVE-2020-7160 affects Hewlett Packard Enterprise Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07). The issue is a iccSelectDeviceSeries expression language injection in the iccSelectDeviceSeries.xhtml endpoint, allowing remote code execution. The vulnerability can execute code with ...
CVE-2020-7192
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected. The vulnerability is in the deviceThresholdConfig expression language handling (beanName parameter), where improper input validation enables remote code execution in the context of SYSTEM. Public advisories (e.g., ZDI...
CVE-2019-11980
HPE Intelligent Management Center (IMC) Platform vulnerable in releases older than 7.3 E0506P09. The issue resides in SSHParameterResource addSSHParameterKeyFile handling, enabling remote code execution. Exploitation requires authentication, but the existing mechanism can be bypassed according to...
CVE-2020-24630
The CVE-2020-24630 issue affects Hewlett Packard Enterprise Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). The ZDI advisory describes a privilege-escalation flaw in the operatorOnlineList_content.xhtml/operatorOnlineList_contentOnly.xhtml endpoints, where sensitive admin-level ...
CVE-2017-5792
CVE-2017-5792 affects HPE Intelligent Management Center (iMC) PLAT v7.3 E0504P2. The issue is a Java deserialization flaw in the euplat RMI registry that allows unauthenticated remote code execution via specially crafted serialized data, leveraging CommonsBeanutils. Public references (Exploit DB,...
CVE-2017-5817
HPE iMC PLAT 7.3 E0504P04 contains a Remote Code Execution via the dbman RestoreDBase opcode 10007. The vulnerability arises from improper validation of user-supplied input in RestoreDBase handling, allowing unauthenticated remote attackers to inject commands and execute arbitrary OS commands wit...
CVE-2020-7156
HPE iMC (Intelligent Management Center)
CVE-2020-7167
The CVE-2020-7167 issue affects Hewlett Packard Enterprise’s Intelligent Management Center (iMC) prior to version 7.3 (E0705P07). The vulnerability is a quickTemplateSelect expression language injection that leads to remote code execution. Affected component is the iMC web interface handling the ...
CVE-2019-5387
CVE-2019-5387 describes a remote code execution in HPE Intelligent Management Center (IMC) PLAT older than 7.3 E0506P09 . Connected advisories confirm the vulnerability stems from an expression-language/beanName handling flaw (navigationTo expression language injection) that allows an attacker to...
CVE-2019-5388
HPE Intelligent Management Center (IMC) PLAT is affected by CVE-2019-5388 in versions earlier than 7.3 E0506P09. The published reports describe a remote code execution vulnerability stemming from an expression language injection in IMC’s handling of the evaluation context (notably the passBeanNam...
CVE-2011-1851
CVE-2011-1851 affects HP Intelligent Management Center (IMC) 5.0 before E0101L02. The vulnerability is a stack-based buffer overflow in the tftpserver.exe component triggered by a long mode field in received TFTP packets, enabling remote code execution in the security context of the service. Red ...
CVE-2017-12489
CVE-2017-12489 is a remote code execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, affecting PLAT 7.3 (E0504). The issue is exploitable remotely over the network with low attack complexity and no user interaction, potentially compromising confidentiali...
CVE-2017-12557
CVE-2017-12557 is an RCE in Hewlett Packard Enterprise HP iMC (HPE iMC) WebDMDebugServlet. Public records identify the vulnerability as insecure/deserialization that can be triggered remotely (no authentication) via standard ports (8080/8443), affecting iMC Plat 7.3 E0504P2 and earlier. Exploitat...
CVE-2020-7169
Affected product : HPE Intelligent Management Center (iMC). Vulnerability class : ictExpertCSVDownload expression language injection leading to remote code execution. Root cause : improper handling of the beanName parameter in ictExpertCSVDownload.xhtml, allowing crafted input to be evaluated as ...
CVE-2020-7141
Vulnerability: HPE Intelligent Management Center (iMC) prior to 7.3 (E0705P07) is affected by a remote code execution through adddevicetoview Expression Language Injection. Root cause (per ZDI): improper handling/validation of the beanName parameter in addDeviceToView.xhtml, enabling arbitrary co...
CVE-2020-7161
CVE-2020-7161 affects Hewlett Packard Enterprise Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). Multiple connected sources corroborate a reportTaskSelect expression language injection in iMC that enables remote code execution. The Red Hat, CNVD, NVD and ZDI entries describe the...
CVE-2020-7166
CVE-2020-7166 affects Hewlett Packard Enterprise Intelligent Management Center (iMC) prior to version 7.3 (E0705P07). The issue is a remote code execution vulnerability caused by operatorGroupTreeSelectContent expression language injection, triggered via the beanName handling in operatorGroupTree...
CVE-2020-7190
CVE-2020-7190 : In HPE Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07), a deviceselect expression language injection allows remote code execution. The flaw stems from handling of the beanName parameter in deviceSelect.xhtml, enabling an attacker to run arbitrary code with SYSTEM ...
CVE-2019-5349
CVE-2019-5349 is a remote code execution in HPE Intelligent Management Center (IMC) PLAT, affecting IMC up to and including 7.3 E0506P09. Connected sources describe a TopoDebugServlet expression language injection that can lead to remote code execution, with exploitation details indicating that a...
CVE-2018-7123
CVE-2018-7123 is a remote denial-of-service vulnerability in HPE Intelligent Management Center (IMC) PLAT prior to version 7.3 E0506P09 . Multiple sources describe an unauthenticated remote DoS triggered via dbman/related commands (e.g., a crafted 10014 request), potentially causing the affected ...
CVE-2020-7151
HPE Intelligent Management Center (iMC) before PLAT 7.3 E0705P07 is affected by a faulttrapgroupselect expression language injection that leads to remote code execution. The vulnerability stems from improper handling of the beanName parameter in faultTrapGroupSelect.xhtml, allowing an attacker to...
CVE-2020-7154
CVE-2020-7154 affects HPE Intelligent Management Center (iMC) prior to 7.3 (PLAT E0705P07). The root cause is an expression language injection in the ifViewSelectPage.xhtml handling of the beanName parameter, allowing an attacker to execute arbitrary code on affected installations. Public sources...