3 matches found
CVE-2020-24624
CVE-2020-24624 describes an unauthenticated directory traversal in the DownloadServlet class’s execute() method on Hewlett Packard Enterprise’s Pay Per Use (PPU) Utility Computing Service (UCS) Meter, v1.9. The vulnerability allows an attacker to read arbitrary files via an improper validation of...
CVE-2020-24626
The provided evidence confirms a concrete vulnerability in Hewlett Packard Enterprise Pay Per Use (PPU) Utility Computing Service Meter (UCS Meter) version 1.9, caused by a directory traversal in the ReceiverServlet.doPost method. An unauthenticated attacker can exploit this to perform arbitrary ...
CVE-2020-24625
Summary: CVE-2020-24625 is an unauthenticated directory traversal vulnerability in the ReceiverServlet doGet() of Hewlett Packard Enterprise Pay per Use (PPU) Utility Computing Service (UCS) Meter, up to version 1.9 (vulnerability exists prior to 1.9). The root cause is lack of proper validation ...