HTTP: HPE Intelligent Management Center saveSelectedDevices Expression Language Injection

This signature detects attempts to exploit a known vulnerability in HPE Intelligent Management Center. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user.

Extended Description

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Affected Products

Hp intelligent_management_center

Short Name
HTTP:STC:HPE-LANG-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-12490 CVE-2017-12491 Center Expression HPE Injection Intelligent Language Management saveSelectedDevices
Release Date
09/20/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Hp

CVSS Score

9.0

Found a potential security threat?