Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiBlueseaZDI-14-234
HistoryJul 16, 2014 - 12:00 a.m.

Hewlett-Packard Intelligent Management Center IctDownloadServlet Information Disclosure Vulnerability

2014-07-1600:00:00
Bluesea
www.zerodayinitiative.com
16

EPSS

0.03

Percentile

91.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IctDownloadServlet servlet. This servlet contains a directory traversal issue which allows any file readable by SYSTEM to be disclosed. By abusing this behavior, an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution.

Related

nvd 1
prion 1
cvelist 1
cve 1
securityvulns 2
nessus 2
nvd
nvd
CVE-2014-2621
2014-07-16 04:58:33
prion
prion
Design/Logic Flaw
2014-07-16 04:58:00
cvelist
cvelist
CVE-2014-2621
2014-07-16 01:00:00
cve
cve
CVE-2014-2621
2014-07-16 04:58:33
securityvulns
securityvulns
HP Intelligent Management Center / HP Branch Intelligent Management System information leakage
2014-07-22 00:00:00
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
2014-07-22 00:00:00
nessus
nessus
HP Intelligent Management Center 7.x < 7.0-E0202P03 Multiple Vulnerabilities
2014-07-21 00:00:00
HP Intelligent Management Center Branch Intelligent Management Module 7.x < 7.0-E0201P02 Multiple Vulnerabilities
2014-07-21 00:00:00

EPSS

0.03

Percentile

91.0%

JSON
Related for ZDI-14-234
nvd1prion1cvelist1cve1securityvulns2nessus2