CVE-2017-12517

Name of the Vulnerable Software and Affected Versions HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504)

Description A Remote Code Execution issue was discovered in HPE Intelligent Management Center (iMC) PLAT, related to insufficient input validation in the iccSelectDymicParam.xhtml component. This allows a remote attacker to execute arbitrary code using the beanName parameter.

Recommendations For HPE Intelligent Management Center PLAT version PLAT 7.3 (E0504), update to HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version to resolve the issue. As a temporary workaround, consider restricting access to the iccSelectDymicParam.xhtml component to minimize the risk of exploitation. Avoid using the beanName parameter in the affected component until the issue is resolved.