7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
0.041 Low
EPSS
Percentile
92.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is required to exploit this vulnerability. The specific flaw exists within the Content Acceleration Pack web application code. A file upload directory traversal vulnerability can be leveraged to execute code under the context of the SYSTEM user.