CVE-2024-53676

Name of the Vulnerable Software and Affected Versions Hewlett Packard Enterprise Insight Remote Support versions prior to 7.14.0.629

Description A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. The issue is related to the processAtatchmentDataStream method and the use of files and directories accessible to external parties. This vulnerability can be exploited by an attacker to execute arbitrary code remotely without requiring authentication.

Recommendations For versions prior to 7.14.0.629, update to version 7.14.0.629 or later to resolve the issue. As a temporary workaround, consider restricting access to the processAtatchmentDataStream method to minimize the risk of exploitation. Additionally, avoid using directories or files that are accessible to external parties until the issue is resolved.