CVE-2020-7156 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Severity

98%

Complexity

39%

Confidentiality

98%

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 4 years ago

2020-10-19 18:15:00

Last updated 4 years ago

2020-10-21 19:07:00

Affected Software

HP Intelligent Management Center 7.3

7.3

HP Intelligent Management Center (IMC) 7.3 E0503

7.3

HP Intelligent Management Center (IMC) 7.3 E0503P02

7.3

HP Intelligent Management Center (IMC) 7.3 E0504

7.3

HP Intelligent Management Center (IMC) 7.3 E0504P02

7.3

HP Intelligent Management Center 7.3 E0504P04

7.3

HP Intelligent Management Center 7.3 E0504P2

7.3

HP Intelligent Management Center (IMC) 7.3 E0506

7.3

HP Intelligent Management Center (IMC) 7.3 E0506p02

7.3

HP Intelligent Management Center (IMC) 7.3 E0506p03

7.3

HP Intelligent Management Center (IMC) 7.3 E0506p07

7.3

Hp Intelligent Management Center 7.3 E0506p09

7.3

HP Intelligent Management Center 7.3 E0605

7.3

HP Intelligent Management Center 7.3 E0605h02

7.3

HP Intelligent Management Center 7.3 E0605h05

7.3

HP Intelligent Management Center (IMC) 7.3 E0605P06

7.3

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2020-7156 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 4 years ago

Last updated 4 years ago

Affected Software

HP Intelligent Management Center 7.3

HP Intelligent Management Center (IMC) 7.3 E0503

HP Intelligent Management Center (IMC) 7.3 E0503P02

HP Intelligent Management Center (IMC) 7.3 E0504

HP Intelligent Management Center (IMC) 7.3 E0504P02

HP Intelligent Management Center 7.3 E0504P04

HP Intelligent Management Center 7.3 E0504P2

HP Intelligent Management Center (IMC) 7.3 E0506

HP Intelligent Management Center (IMC) 7.3 E0506p02

HP Intelligent Management Center (IMC) 7.3 E0506p03

HP Intelligent Management Center (IMC) 7.3 E0506p07

Hp Intelligent Management Center 7.3 E0506p09

HP Intelligent Management Center 7.3 E0605

HP Intelligent Management Center 7.3 E0605h02

HP Intelligent Management Center 7.3 E0605h05

HP Intelligent Management Center (IMC) 7.3 E0605P06

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Stay updated

Get in touch