4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.24 Low
EPSS
Percentile
96.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packardβs Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Management System. The specific flaw exists within the ACLs on a specific installed directory. Because this directory allows any user to create a file, an unprivileged attacker can place a malicious DLL on the system. When the Application Lifecycle Management is restarted, it will execute the provided file in the context of NT Authority\SYSTEM.