Remote Code Execution Vulnerability in HPE Application Performance Management
CVE-2017-14350

9.8CRITICAL

Key Information:

Vendor

Micro Focus

Status
HP Application Performance Management (apm)
Vendor
CVE Published:
30 September 2017

What is CVE-2017-14350?

A security vulnerability exists in the HPE Application Performance Management (BSM) Platform that could be exploited remotely, potentially allowing unauthorized code execution. This issue affects several versions, including 9.26, 9.30, and 9.40, posing a risk to users who have not applied the necessary updates. Organizations should implement immediate measures to mitigate the threat.

Affected Version(s)

HPE Application Performance Management (APM) 9.26

HPE Application Performance Management (APM) 9.30

HPE Application Performance Management (APM) 9.40

References

http://www.zerodayinitiative.com/advisories/ZDI-17-825/
x_refsource_MISC
http://www.securityfocus.com/bid/100988
vdb-entryx_refsource_BID
https://softwaresupport.hpe.com/km/KM02960811
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.