HPE UCMDB 'UploadFileOnUIServerServlet' Servlet Path Handling RCE (HPESBGN03758)
Critical Nessus Plugin ID 100963
Synopsis
The remote web server is affected by a remote code execution vulnerability.
Description
The version of HP Universal Configuration Management Database Server (UCMDB) running on the remote web server is missing a security patch.
It is, therefore, affected by a remote code execution vulnerability in the 'UploadFileOnUIServerServlet' servlet due to improper handling of user-supplied paths. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code with SYSTEM privileges.
Solution
Upgrade to HPE UCMDB 10.11 CUP9 / 10.22 CUP5 + Hotfix / 10.32 or later, as referenced in the vendor advisory.