CVE-2017-8947

Name of the Vulnerable Software and Affected Versions HPE UCMDB versions v10.10 through v10.31

Description A Remote Code Execution issue was discovered, related to the UploadFileOnUIServerServlet component in HPE UCMDB. This issue is associated with inadequate path name checking in a directory with restricted access. Exploitation of this issue may allow a remote attacker to execute arbitrary code in the context of SYSTEM.

Recommendations For HPE UCMDB versions v10.10 through v10.31, consider disabling the UploadFileOnUIServerServlet component as a temporary workaround until a patch is available. Restrict access to the affected directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.