CVE-2017-13984

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
hpbsm_platform_application_performance_management_system_health
9.26
hpbsm_platform_application_performance_management_system_health
9.30
hpbsm_platform_application_performance_management_system_health
9.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.zerodayinitiative.com/advisories/ZDI-17-720/
https://softwaresupport.hpe.com/km/KM02942065
https://www.auscert.org.au/bulletins/52154
http://www.zerodayinitiative.com/advisories/ZDI-17-720/
https://softwaresupport.hpe.com/km/KM02942065
https://www.auscert.org.au/bulletins/52154