SB2017051015 - Multiple vulnerabilities HP Network Automation 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017051015

SB2017051015 - Multiple vulnerabilities HP Network Automation

Published: May 10, 2017 Updated: May 10, 2017

Security Bulletin ID SB2017051015
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) SQL injection (CVE-ID: CVE-2017-5810)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The weakness exists due to insufficient sanitization of user-supplied input processed by the affected application. A remote unauthenticated attacker can send a specially crafted request that contains crafted parameter values and execute arbitrary SQL commands.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable website.

2) Information disclosure (CVE-ID: CVE-2017-5812)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The weakness exists due to improper processing of malicious requests. A remote attacker can send a specially crafted request and access arbitrary files to conduct further attacks.

Successful exploitation of the vulnerability results in information disclosure.

3) Improper input validation (CVE-ID: CVE-2017-5811)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper input validation. A remote attacker can create a specially crafted Website, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

4) Security bypass (CVE-ID: CVE-2017-5814)

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to an unspecified condition that exists within the affected software. A remote attacker can bypass authentication and gain elevated privileges on the targeted system to conduct further attacks.

Successful exploitation of the vulnerability may result in privilege escalation on the application.


5) Security bypass (CVE-ID: CVE-2017-5813)

The vulnerability allows a remote authenticated attacker to bypass security restrictions to the targeted system.

The weakness exists due to an unspecified condition that exists within the affected software. A remote attacker can bypass certain restrictions, view sensitive information or conduct further attacks.

Successful exploitation of the vulnerability results unauthorized access to the vulnerable system.

Remediation

Install update from vendor's website.

References