Lucene search
Andrea Micalizzi aka rgodZDI-13-239HistoryOct 16, 2013 - 12:00 a.m.
Hewlett-Packard Intelligent Management Center BIMS bimsDownload Servlet Information Disclosure Vulnerability
2013-10-1600:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
10
0.913 High
EPSS
Percentile
98.9%
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bimsDownload servlet. Authentication is not required to access this servlet, which allows any file readable by SYSTEM to be disclosed. By abusing this behavior an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution.
Related
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2013-4823
2013-10-13 10:20:04
cve
cve
CVE-2013-4823
2022-10-03 16:14:57
prion
prion
Code injection
2013-10-13 10:20:00
cvelist
cvelist
CVE-2013-4823
2022-10-03 16:14:57
nessus
nessus
securityvulns
securityvulns
HP Intelligent Management Center multiple security vulnerabilities
2013-10-09 00:00:00