Vulnerability Details : CVE-2017-13984
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
Vulnerability category: Directory traversalBypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2017-13984
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-13984
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
8.0
|
4.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-13984
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-13984
-
http://www.zerodayinitiative.com/advisories/ZDI-17-720/
ZDI-17-720 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://softwaresupport.hpe.com/km/KM02942065
Micro Focus LoginPermissions Required
-
https://www.auscert.org.au/bulletins/52154
ESB-2017.2274 - AusCERTThird Party Advisory
Products affected by CVE-2017-13984
- cpe:2.3:a:hp:bsm_platform_application_performance_management_system_health:9.30:*:*:*:*:*:*:*
- cpe:2.3:a:hp:bsm_platform_application_performance_management_system_health:9.26:*:*:*:*:*:*:*
- cpe:2.3:a:hp:bsm_platform_application_performance_management_system_health:9.40:*:*:*:*:*:*:*