CVE-2020-24626

Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:utility_computing_service_meter:1.9:*:*:*:pay_per_use:*:*:*

History

21 Nov 2024, 05:15

Type Values Removed Values Added
References () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us - Vendor Advisory () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us - Vendor Advisory

Information

Published : 2020-09-23 13:15

Updated : 2024-11-21 05:15


NVD link : CVE-2020-24626

Mitre link : CVE-2020-24626

CVE.ORG link : CVE-2020-24626


JSON object : View

Products Affected

hpe

  • utility_computing_service_meter
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')