CVE-2017-12509

Name of the Vulnerable Software and Affected Versions HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504)

Description A Remote Code Execution issue was found in HPE Intelligent Management Center (iMC) PLAT, related to insufficient input validation in the smsRulesDownload.xhtml component. This allows a remote attacker to execute arbitrary code using the beanName parameter.

Recommendations For HPE Intelligent Management Center PLAT version PLAT 7.3 (E0504), update to HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version to resolve the issue. As a temporary workaround, consider restricting access to the smsRulesDownload.xhtml component and limiting the use of the beanName parameter until the update is applied.