CVE-2017-5812

Name of the Vulnerable Software and Affected Versions HPE Network Automation versions 9.1x through 10.2x

Description A remote SQL information disclosure vulnerability was found, which may allow unauthorized access to sensitive data. Additionally, an authentication bypass vulnerability in the PermissionFilter was identified.

Recommendations For HPE Network Automation versions 9.1x through 10.2x, consider restricting access to sensitive data and authentication mechanisms until a patch is available. As a temporary workaround, consider disabling the PermissionFilter authentication mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.