Intrusion Prevention

HP.Intelligent.Management.Center.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in HP Intelligent Management Center (iMC).
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute any script file uploaded.

Affected Products

HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions
HP Intelligent Management Center User Access Manager (UAM) 5.1 and prior versions
HP Intelligent Management Center TACACS+ Authentication Manager 5.1 and prior versions

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03689276