This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is not required to exploit this vulnerability. The specific flaw exists within allowed HTTP access to a Glassfish administrative console on port 10001 with no authentication. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.