New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.4
SynopsisA web application hosted on the remote web server is affected by a remote code execution vulnerability.
DescriptionThe H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of Java objects to the Apache Commons BeanUtils library via the euplat RMI registry. An unauthenticated, remote attacker can exploit this, by sending a specially crafted RMI message, to execute arbitrary code on the target host.
Note that Intelligent Management Center (iMC) is an HPE product;
however, it is branded as H3C.
SolutionUpgrade to H3C / HPE iMC version 7.3 E0504P02 or later.