HPE Intelligent Management Center dbman Command 10001 Information Disclosure
Medium Nessus Plugin ID 118038
SynopsisA database backup and restoration tool running on the remote host is affected by an information disclosure vulnerability.
DescriptionThe HPE Intelligent Management Center (iMC) dbman process running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a command 10001 request, to view the contents of arbitrary directories under the security context of the SYSTEM or root user.
Note that the HPE iMC dbman process running on the remote host is reportedly affected by additional vulnerabilities; however, this plugin has not tested for these.
SolutionUpgrade HPE iMC version to 7.3 E0703 or later.