Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
References
Link | Resource |
---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us | Vendor Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us - Vendor Advisory |
Information
Published : 2020-09-23 13:15
Updated : 2024-11-21 05:15
NVD link : CVE-2020-24626
Mitre link : CVE-2020-24626
CVE.ORG link : CVE-2020-24626
JSON object : View
Products Affected
hpe
- utility_computing_service_meter
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')