CVE-2017-5791
critical
CVSS v3: 9.8
CVSS v2: 10.0
VIR risk: 9.8
Description
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-alert@hpe.com — https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | intelligent_management_center_plat | 7.2 | |
References
- http://www.securityfocus.com/bid/101224
- http://www.securityfocus.com/bid/96815
- http://www.securitytracker.com/id/1037983
- http://www.zerodayinitiative.com/advisories/ZDI-17-161/
- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us
CWEs
CWE-287