Authentication Vulnerability in HPE BSM Platform Application Performance Management System
CVE-2017-13984

6.5MEDIUM

Key Information:

Vendor
HP
Status
Bsm Platform Application Performance Management System Health
Vendor
CVE Published:
30 September 2017

Summary

An identified vulnerability in the HPE BSM Platform Application Performance Management System allows remote attackers to exploit an authentication flaw via servlet directory traversal. This could lead to unauthorized deletion of arbitrary files on the system, posing significant security risks. The affected versions include 9.26, 9.30, and 9.40, necessitating immediate attention from users to secure their installations.

References

https://softwaresupport.hpe.com/km/KM02942065
x_refsource_CONFIRM
http://www.zerodayinitiative.com/advisories/ZDI-17-720/
x_refsource_MISC
https://www.auscert.org.au/bulletins/52154
third-party-advisoryx_refsource_AUSCERT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.