CVE-2017-12561

Name of the Vulnerable Software and Affected Versions: HPE Intelligent Management Center PLAT version Plat 7.3 E0504P4 and earlier

Description: A remote code execution issue was discovered, related to the use of an uninitialized pointer in the dbman service of HPE Intelligent Management Center PLAT. Exploitation of this issue could allow a remote attacker to execute arbitrary code in the context of SYSTEM using a specially crafted message with Opcode 10012.

Recommendations: For HPE Intelligent Management Center PLAT version Plat 7.3 E0504P4 and earlier, consider disabling the dbman service or restricting access to it until a patch is available. Avoid using the Opcode 10012 message in the affected service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.