SB2017081106 - Remote code execution in HPE Intelligent Management Center PLAT




Published: August 11, 2017 Updated: August 16, 2017

Security Bulletin ID: SB2017081106
Severity: High
Patch available: YES
Number of vulnerabilities: 55
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 55 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2017-12487)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Improper input validation (CVE-ID: CVE-2017-12488)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Improper input validation (CVE-ID: CVE-2017-12489)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Improper input validation (CVE-ID: CVE-2017-12490)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Improper input validation (CVE-ID: CVE-2017-12491)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Improper input validation (CVE-ID: CVE-2017-12492)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Improper input validation (CVE-ID: CVE-2017-12493)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Improper input validation (CVE-ID: CVE-2017-12494)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

9) Improper input validation (CVE-ID: CVE-2017-12495)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

10) Improper input validation (CVE-ID: CVE-2017-12496)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

11) Improper input validation (CVE-ID: CVE-2017-12497)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

12) Improper input validation (CVE-ID: CVE-2017-12498)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

13) Improper input validation (CVE-ID: CVE-2017-12499)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

14) Improper input validation (CVE-ID: CVE-2017-12500)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

15) Improper input validation (CVE-ID: CVE-2017-12501)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

16) Improper input validation (CVE-ID: CVE-2017-12502)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

17) Improper input validation (CVE-ID: CVE-2017-12503)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

18) Improper input validation (CVE-ID: CVE-2017-12504)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

19) Improper input validation (CVE-ID: CVE-2017-12505)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

20) Improper input validation (CVE-ID: CVE-2017-12506)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

21) Improper input validation (CVE-ID: CVE-2017-12507)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

22) Improper input validation (CVE-ID: CVE-2017-12508)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

23) Improper input validation (CVE-ID: CVE-2017-12509)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

24) Improper input validation (CVE-ID: CVE-2017-12510)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

25) Improper input validation (CVE-ID: CVE-2017-12511)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

26) Improper input validation (CVE-ID: CVE-2017-12512)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

27) Improper input validation (CVE-ID: CVE-2017-12513)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

28) Improper input validation (CVE-ID: CVE-2017-12514)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

29) Improper input validation (CVE-ID: CVE-2017-12515)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

30) Improper input validation (CVE-ID: CVE-2017-12516)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

31) Improper input validation (CVE-ID: CVE-2017-12517)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

32) Improper input validation (CVE-ID: CVE-2017-12518)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

33) Improper input validation (CVE-ID: CVE-2017-12519)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

34) Improper input validation (CVE-ID: CVE-2017-12520)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

35) Improper input validation (CVE-ID: CVE-2017-12521)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

36) Improper input validation (CVE-ID: CVE-2017-12522)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

37) Improper input validation (CVE-ID: CVE-2017-12523)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

38) Improper input validation (CVE-ID: CVE-2017-12524)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

39) Improper input validation (CVE-ID: CVE-2017-12525)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

40) Improper input validation (CVE-ID: CVE-2017-12526)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

41) Improper input validation (CVE-ID: CVE-2017-12527)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

42) Improper input validation (CVE-ID: CVE-2017-12528)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

43) Improper input validation (CVE-ID: CVE-2017-12529)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

44) Improper input validation (CVE-ID: CVE-2017-12530)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

45) Improper input validation (CVE-ID: CVE-2017-12531)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

46) Improper input validation (CVE-ID: CVE-2017-12532)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

47) Improper input validation (CVE-ID: CVE-2017-12533)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

48) Improper input validation (CVE-ID: CVE-2017-12534)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

49) Improper input validation (CVE-ID: CVE-2017-12535)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

50) Improper input validation (CVE-ID: CVE-2017-12536)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

51) Improper input validation (CVE-ID: CVE-2017-12537)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

52) Improper input validation (CVE-ID: CVE-2017-12538)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

53) Improper input validation (CVE-ID: CVE-2017-12539)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

54) Improper input validation (CVE-ID: CVE-2017-12540)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

55) Improper input validation (CVE-ID: CVE-2017-12541)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote authenticated user can send specially crafted beanName parameter values, inject Java Server Faces (JSF) expressions and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.
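
A detection check for the pattern these entries share, added here as an example and not taken from the bulletin or from HPE: it scans access-log lines for beanName query parameters that carry JSF Expression Language delimiters once percent-encoding is removed. The log format, the /app/example.xhtml path, the allow-list pattern and the sample lines are constructed assumptions.

```python
import re

from urllib.parse import parse_qsl, unquote_plus

# Assumption: legitimate beanName values look like Java identifiers
# (letters, digits, underscore, dot). Adjust to what your deployment sends.
SAFE_BEAN = re.compile(r"[A-Za-z_][A-Za-z0-9_.]{0,127}")
# Expression Language delimiters: #{...} (deferred) and ${...} (immediate).
EL_OPEN = re.compile(r"[#$]\{")
# Request line inside a combined-format access-log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log (documentation addresses, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - alice [11/Aug/2017:10:00:01 +0000] '
    '"GET /app/example.xhtml?beanName=reportBean HTTP/1.1" 200 512',
    '192.0.2.44 - bob [11/Aug/2017:10:02:17 +0000] '
    '"GET /app/example.xhtml?beanName=%23%7Bplaceholder%7D HTTP/1.1" 200 498',
    '192.0.2.44 - bob [11/Aug/2017:10:02:19 +0000] '
    '"GET /app/example.xhtml?beanName=%2524%257Bplaceholder%257D HTTP/1.1" 200 498',
    '192.0.2.51 - carol [11/Aug/2017:10:05:40 +0000] '
    '"GET /app/example.xhtml?beanName=report%20Bean%3B HTTP/1.1" 400 120',
    '192.0.2.10 - alice [11/Aug/2017:10:06:02 +0000] '
    '"GET /app/home.xhtml?tab=devices HTTP/1.1" 200 2048',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_bean_name(raw):
    """Return (verdict, decoded_value) for one beanName value."""
    value = fully_decode(raw)
    if EL_OPEN.search(value):
        return "el-expression", value
    if not SAFE_BEAN.fullmatch(value):
        return "unexpected-characters", value
    return "ok", value


def scan_line(line):
    """Classify every beanName query parameter found in one log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    # Split on '?' by hand: a literal '#' in the target must not be
    # discarded as a URL fragment before it is inspected.
    query = match.group("target").partition("?")[2]
    return [
        classify_bean_name(value)
        for name, value in parse_qsl(query, keep_blank_values=True)
        if name.lower() == "beanname"
    ]


def scan_log(lines):
    """Return (line_number, verdict, decoded_value) for each non-ok value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for verdict, value in scan_line(line):
            if verdict != "ok":
                findings.append((number, verdict, value))
    return findings


if __name__ == "__main__":
    for number, verdict, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {value!r}")
```

Access logs record only the query string, so beanName values sent in a request body need request-body logging or an application-level check to be covered.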

Remediation

Install the update from the vendor's website.