8.8

CVE-2017-14353

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpUcmdb Foundation Software Version10.10
HpUcmdb Foundation Software Version10.11
HpUcmdb Foundation Software Version10.20
HpUcmdb Foundation Software Version10.21
HpUcmdb Foundation Software Version10.22
HpUcmdb Foundation Software Version10.30
HpUcmdb Foundation Software Version10.31
HpUcmdb Foundation Software Version10.32
HpUcmdb Foundation Software Version10.33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.72% 0.907
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.tenable.com/security/research/tra-2017-32
http://www.securityfocus.com/bid/101251
https://softwaresupport.hpe.com/km/KM02977984
https://www.auscert.org.au/bulletins/53150