CVE-2020-24624

7.5HIGH

Key Information:

Vendor: HP
Status: HP Pay Per Use (ppu) Utility Computing Service (ucs) Meter
Vendor: CVE Published:; 23 September 2020

Summary

Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Affected Version(s)

HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter 1.9

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Aug 25, 2020