What is the severity of CVE-2020-7170?

CVE-2020-7170 has been classified as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2020-7170?

To fix CVE-2020-7170, upgrade to HPE Intelligent Management Center version 7.3 PLAT E0705P07 or later.

What type of attack can CVE-2020-7170 enable?

CVE-2020-7170 can enable remote code execution attacks on vulnerable HPE Intelligent Management Center installations.

Which versions of HPE Intelligent Management Center are affected by CVE-2020-7170?

Versions prior to HPE Intelligent Management Center 7.3 PLAT E0705P07 are affected by CVE-2020-7170.

Is CVE-2020-7170 related to SQL injection?

Yes, CVE-2020-7170 involves expression language injection that can lead to SQL injection and remote code execution.

Vulnerability/
CVE-2020-7170

critical

CWE

917

19/10/2020

4/8/2024

CVE-2020-7170

First published: Mon Oct 19 2020(Updated: )

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
HP Intelligent Management Center	<7.3
HP Intelligent Management Center	=7.3
HP Intelligent Management Center	=7.3-e0501
HP Intelligent Management Center	=7.3-e0503
HP Intelligent Management Center	=7.3-e0503p02
HP Intelligent Management Center	=7.3-e0504
HP Intelligent Management Center	=7.3-e0504p02
HP Intelligent Management Center	=7.3-e0504p04
HP Intelligent Management Center	=7.3-e0504p2
HP Intelligent Management Center	=7.3-e0504p4
HP Intelligent Management Center	=7.3-e0506
HP Intelligent Management Center	=7.3-e0506p02
HP Intelligent Management Center	=7.3-e0506p03
HP Intelligent Management Center	=7.3-e0506p07
HP Intelligent Management Center	=7.3-e0506p09
HP Intelligent Management Center	=7.3-e0605
HP Intelligent Management Center	=7.3-e0605h02
HP Intelligent Management Center	=7.3-e0605h05
HP Intelligent Management Center	=7.3-e0605p04
HP Intelligent Management Center	=7.3-e0605p06
HP Intelligent Management Center	=7.3-e0705
HP Intelligent Management Center	=7.3-e0705p02
HP Intelligent Management Center	=7.3-e0705p04
HP Intelligent Management Center	=7.3-e0705p06

Never miss a vulnerability like this again

Reference Links

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Frequently Asked Questions

What is the severity of CVE-2020-7170?
CVE-2020-7170 has been classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2020-7170?
To fix CVE-2020-7170, upgrade to HPE Intelligent Management Center version 7.3 PLAT E0705P07 or later.
What type of attack can CVE-2020-7170 enable?
CVE-2020-7170 can enable remote code execution attacks on vulnerable HPE Intelligent Management Center installations.
Which versions of HPE Intelligent Management Center are affected by CVE-2020-7170?
Versions prior to HPE Intelligent Management Center 7.3 PLAT E0705P07 are affected by CVE-2020-7170.
Is CVE-2020-7170 related to SQL injection?
Yes, CVE-2020-7170 involves expression language injection that can lead to SQL injection and remote code execution.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/references
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/hp
canonical/hp intelligent management center
version/hp intelligent management center/7.3
version/hp intelligent management center/7.3-e0501
version/hp intelligent management center/7.3-e0503
version/hp intelligent management center/7.3-e0503p02
version/hp intelligent management center/7.3-e0504
version/hp intelligent management center/7.3-e0504p02
version/hp intelligent management center/7.3-e0504p04
version/hp intelligent management center/7.3-e0504p2
version/hp intelligent management center/7.3-e0504p4
version/hp intelligent management center/7.3-e0506
version/hp intelligent management center/7.3-e0506p02
version/hp intelligent management center/7.3-e0506p03
version/hp intelligent management center/7.3-e0506p07
version/hp intelligent management center/7.3-e0506p09
version/hp intelligent management center/7.3-e0605
version/hp intelligent management center/7.3-e0605h02
version/hp intelligent management center/7.3-e0605h05
version/hp intelligent management center/7.3-e0605p04
version/hp intelligent management center/7.3-e0605p06
version/hp intelligent management center/7.3-e0705
version/hp intelligent management center/7.3-e0705p02
version/hp intelligent management center/7.3-e0705p04
version/hp intelligent management center/7.3-e0705p06