SB2017052606 - Multiple vulnerabilities in HPE Intelligent Management Center

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2017-5820)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the dbman service due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to TCP port 2810 and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Improper input validation (CVE-ID: CVE-2017-5821)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the dbman service due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to TCP port 2810 and execute arbitrary code with system privileges.
 
Successful exploitation of the vulnerability may result in system compromise.

3) Improper input validation (CVE-ID: CVE-2017-5823)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the dbman service due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to TCP port 2810 and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Improper input validation (CVE-ID: CVE-2017-5822)

The vulnerability allows a remote attacker to modify important information.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to TCP port 2810, gain access to user and system data and change it.

Successful exploitation of the vulnerability may result in modification of information.

Remediation

Install update from vendor's website.

References

• http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us