Remote Code Execution Vulnerability in HP UCMDB Foundation Software
CVE-2017-14353

8.8HIGH

Key Information:

Vendor

HP
Status
Ucmdb Foundation Software
Vendor
CVE Published:
5 October 2017

What is CVE-2017-14353?

An identified remote code execution vulnerability in HP UCMDB Foundation Software allows attackers to execute arbitrary code on affected systems. This flaw impacts numerous versions, including 10.10 through 10.33. Exploiting this vulnerability may permit an attacker to gain control over system processes, which could lead to unauthorized access and data breaches. Organizations using these versions should take immediate action to secure their systems and apply the necessary patches to mitigate potential risks and ensure continued system integrity.

References

http://www.securityfocus.com/bid/101251
vdb-entryx_refsource_BID
https://www.tenable.com/security/research/tra-2017-32
x_refsource_MISC
https://softwaresupport.hpe.com/km/KM02977984
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.