This script is Copyright (C) 2017 Tenable Network Security, Inc.
An application installed on the remote Windows host is affected by a
remote code execution vulnerability.
The version of HPE Smart Storage Administrator installed on the
remote Windows host is prior to 22.214.171.124. It is, therefore, affected
by a flaw in function isDirectFileAccess() in file ipcelmclient.php
due to improper sanitization of user-supplied input to the 'command'
variable. An authenticated, remote attacker can exploit this, via a
specially crafted HTTP request, to execute arbitrary code on the
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.
See also :
Upgrade to HPE Smart Storage Administrator version 126.96.36.199 or later.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.0
Public Exploit Available : true