CVE-2017-12510

Name of the Vulnerable Software and Affected Versions HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504)

Description A Remote Code Execution issue was discovered, related to insufficient input validation in the iccSelectDeviceSeries.xhtml component. This allows a remote attacker to execute arbitrary code using the beanName parameter.

Recommendations For HPE Intelligent Management Center PLAT version PLAT 7.3 (E0504), update to HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version to resolve the issue. As a temporary workaround, consider restricting access to the iccSelectDeviceSeries.xhtml component to minimize the risk of exploitation. Avoid using the beanName parameter in the affected component until the issue is resolved.