CVE-2020-7185

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
Expression Language Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
hpeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
hpintelligent_management_center
𝑥
< 7.3
hpintelligent_management_center
7.3
hpintelligent_management_center
7.3:e0501
hpintelligent_management_center
7.3:e0503
hpintelligent_management_center
7.3:e0503p02
hpintelligent_management_center
7.3:e0504
hpintelligent_management_center
7.3:e0504p02
hpintelligent_management_center
7.3:e0504p04
hpintelligent_management_center
7.3:e0504p2
hpintelligent_management_center
7.3:e0504p4
hpintelligent_management_center
7.3:e0506
hpintelligent_management_center
7.3:e0506p02
hpintelligent_management_center
7.3:e0506p03
hpintelligent_management_center
7.3:e0506p07
hpintelligent_management_center
7.3:e0506p09
hpintelligent_management_center
7.3:e0605
hpintelligent_management_center
7.3:e0605h02
hpintelligent_management_center
7.3:e0605h05
hpintelligent_management_center
7.3:e0605h07
hpintelligent_management_center
7.3:e0605h08
hpintelligent_management_center
7.3:e0605h09
hpintelligent_management_center
7.3:e0605p04
hpintelligent_management_center
7.3:e0605p06
hpintelligent_management_center
7.3:e0701
hpintelligent_management_center
7.3:e0702
hpintelligent_management_center
7.3:e0703
hpintelligent_management_center
7.3:e0703h01
hpintelligent_management_center
7.3:e0705
hpintelligent_management_center
7.3:e0705p02
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us