CVE-2020-24626

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Pay Per Use (ppu) Utility Computing Service (ucs) Meter
Vendor: CVE Published:; 23 September 2020

Summary

Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Affected Version(s)

HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter 1.9

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Aug 25, 2020