CVE-2017-12520

Name of the Vulnerable Software and Affected Versions: HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504)

Description: A Remote Code Execution issue was found in HPE Intelligent Management Center (iMC) PLAT, related to insufficient input validation in the perfAddorModDeviceMonitor.xhtml component. This allows a remote attacker to execute arbitrary code using the beanName parameter.

Recommendations: For HPE Intelligent Management Center PLAT version PLAT 7.3 (E0504), update to HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version to resolve the issue. As a temporary workaround, consider restricting access to the perfAddorModDeviceMonitor.xhtml component to minimize the risk of exploitation. Avoid using the beanName parameter in the affected component until the issue is resolved.