HP Intelligent Management Java Deserialization Remote Code Execution

Posted by deepcore on December 5, 2018 – 12:46 am

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] HasanMWB 1.0 – SQL Injection Emacs movemail Privilege Escalation »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

HP Intelligent Management Java Deserialization Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL