PT-2017-3112 · Hewlett Packard · Hpe Intelligent Management Center Plat

Rgod

Published

2017-03-07

Updated

2018-02-17

CVE-2017-5791

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Intelligent Management Center PLAT version 7.2 E0403P06

Description The issue is related to the doFilter method in the UrlAccessController class, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to bypass authentication using a specially crafted string in a URI.

Recommendations For HPE Intelligent Management Center PLAT version 7.2 E0403P06, consider restricting access to the UrlAccessController class until a patch is available. As a temporary workaround, avoid using unspecified strings in URI requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2017-02510

CVE-2017-5791

ZDI-17-161

Affected Products

Hpe Intelligent Management Center Plat

PT-2017-3112 · Hewlett Packard · Hpe Intelligent Management Center Plat

CVE-2017-5791

Weakness Enumeration

Related Identifiers

Affected Products

References · 11