Name of the Vulnerable Software and Affected Versions:

H3C Intelligent Management Center (IMC) versions up to and including E0632H07

Description:

H3C Intelligent Management Center (IMC) contains a remote command execution issue in the `/byod/index.xhtml` endpoint. Improper handling of the `javax.faces.ViewState` parameter allows unauthenticated attackers to craft POST requests with forged parameters, potentially leading to arbitrary command execution. This issue does not require authentication or session cookies.

Recommendations:

Update to a version later than E0632H07.