ZDI-18-139: Hewlett Packard Enterprise Intelligent Management Center UrlAccessController Authentication Bypass Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center Smart Connect with Wireless Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UrlAccessController servlet. The issue results from the lack of proper filtering of URLs. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hewlett Packard Enterprise Intelligent Management Center |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-18-139?
The severity of ZDI-18-139 is rated as high, with a score of 7.8.
How do I fix ZDI-18-139?
To fix ZDI-18-139, ensure that you apply the latest patches or updates provided by Hewlett Packard Enterprise for the Intelligent Management Center.
What systems are affected by ZDI-18-139?
ZDI-18-139 affects installations of Hewlett Packard Enterprise Intelligent Management Center Smart Connect with Wireless Manager.
What type of vulnerability is ZDI-18-139?
ZDI-18-139 is an authentication bypass vulnerability that allows remote attackers to escalate privileges.
Is authentication required to exploit ZDI-18-139?
No, authentication is not required to exploit the ZDI-18-139 vulnerability.
- collector/zdi-advisory
- alias/ZDI-18-139
- alias/ZDI-CAN-4757
- alias/CVE-2017-8982
- agent/type
- agent/references
- agent/tags
- agent/event
- agent/title
- agent/severity
- agent/description
- agent/softwarecombine
- vendor/hewlett packard enterprise
- canonical/hewlett packard enterprise intelligent management center