CVE-2020-24649

EPSS 0.8%
Published 19.10.2020 18:15:14
Last modified 21.11.2024 05:15:21
Source security-alert@hpe.com
Teams watchlist Login
Open Login

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Intelligent Management Center Version < 7.3

Hp ≫ Intelligent Management Center Version7.3 Update-

Hp ≫ Intelligent Management Center Version7.3 Updatee0501

Hp ≫ Intelligent Management Center Version7.3 Updatee0503

Hp ≫ Intelligent Management Center Version7.3 Updatee0503p02

Hp ≫ Intelligent Management Center Version7.3 Updatee0504

Hp ≫ Intelligent Management Center Version7.3 Updatee0504p02

Hp ≫ Intelligent Management Center Version7.3 Updatee0504p04

Hp ≫ Intelligent Management Center Version7.3 Updatee0504p2

Hp ≫ Intelligent Management Center Version7.3 Updatee0504p4

Hp ≫ Intelligent Management Center Version7.3 Updatee0506

Hp ≫ Intelligent Management Center Version7.3 Updatee0506p02

Hp ≫ Intelligent Management Center Version7.3 Updatee0506p03

Hp ≫ Intelligent Management Center Version7.3 Updatee0506p07

Hp ≫ Intelligent Management Center Version7.3 Updatee0506p09

Hp ≫ Intelligent Management Center Version7.3 Updatee0605

Hp ≫ Intelligent Management Center Version7.3 Updatee0605h02

Hp ≫ Intelligent Management Center Version7.3 Updatee0605h05

Hp ≫ Intelligent Management Center Version7.3 Updatee0605p04

Hp ≫ Intelligent Management Center Version7.3 Updatee0605p06

Hp ≫ Intelligent Management Center Version7.3 Updatee0705

Hp ≫ Intelligent Management Center Version7.3 Updatee0705p02

Hp ≫ Intelligent Management Center Version7.3 Updatee0705p04

Hp ≫ Intelligent Management Center Version7.3 Updatee0705p06

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.8%	0.719

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-24649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24649

EUVD