PT-2017-3477 · Hewlett Packard · Hpe Intelligent Management Center Plat

Mr_Me · Published 2017-08-11 · Updated 2019-03-08 · CVE-2017-12500

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HPE Intelligent Management Center PLAT versions 7.3 (E0504) through 7.3 (E0505)

Description

The issue is caused by insufficient input validation in the ictExpertDownload.xhtml component of the HPE Intelligent Management Center PLAT platform. A remote attacker can exploit it to execute arbitrary code via the beanName parameter. The problem was resolved in version 7.3 (E0506) and any subsequent version.

Recommendations

For HPE Intelligent Management Center PLAT version 7.3 (E0504), update to version 7.3 (E0506) or any subsequent version to resolve the issue. For HPE Intelligent Management Center PLAT versions prior to 7.3 (E0506), update to version 7.3 (E0506) or any subsequent version to resolve the issue.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-00302
CVE-2017-12500
ZDI-17-663

Affected Products

Hpe Intelligent Management Center Plat