virus logo Intrusion Prevention

HPE.IMC.deploySelectBootrom.Expression.Language.Injection

description-logoDescription

This indicates an attack attempt to exploit an Input Validation Error Vulnerability in HP Intelligent Management Center.
This vulnerability is due to insufficient handling of the beanName request parameter provided to the deploySelectBootrom.xhtml endpoint. A remote, authenticated attacker can exploit this vulnerability by sending a request to deploySelectBootrom.xhtml with a crafted beanName parameter. Successful exploitation results in the execution of arbitrary code on the target system with privileges of SYSTEM user.

affected-products-logoAffected Products

HP Intelligent Management Center prior to 7.3 E0705P04

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.hpe.com/hpesc/public/docDisplay?docId=a00098608en_us

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-07-29 15.897 Default_action:pass:drop
2020-07-21 15.891
ID 49343
Created Jul 13, 2020
Updated Aug 09, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux
Affected App HP