HP Intelligent Management Center Branch Intelligent Management Module Multiple Vulnerabilities
Critical Nessus Plugin ID 71891
SynopsisThe version of the HP Branch Intelligent Management System module on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of the HP Intelligent Management Center Branch Intelligent Management System module on the remote host is a version prior to 5.2 E0401 and is potentially affected by multiple vulnerabilities :
- The 'bimsDownload' servlet is not protected by authentication and could be used to access any file on the system remotely. (CVE-2013-4823)
- The 'UploadServlet' in the BIM module allows unauthenticated users to remotely upload arbitrary files to specific locations on the host. (CVE-2013-4822)
SolutionUpgrade the iMC BIMs module to version 5.2 E0401 or later.