Vulnerabilities > CVE-2020-7148 - Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-917

critical

NVD

Published: 2020-10-19

Updated: 2020-10-21

Summary

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Intelligent Management Center 7.3 HP Intelligent Management Center 7.2	24

Common Weakness Enumeration (CWE)

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us