PT-2025-34939 · H3C · H3C Intelligent Management Center
Published: 2025-08-27 · Updated: 2025-08-27 · CVE-2024-13980
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions:
H3C Intelligent Management Center (IMC) versions up to and including E0632H07
Description:
H3C Intelligent Management Center (IMC) contains a remote command execution issue in the /byod/index.xhtml endpoint. Improper handling of the javax.faces.ViewState parameter allows unauthenticated attackers to craft POST requests with forged parameters, potentially leading to arbitrary command execution. This issue does not require authentication or session cookies.
Recommendations:
Update to a version later than E0632H07.
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
H3C Intelligent Management Center