Vulnerability Details : CVE-2017-5798
Potential exploit
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x) and all versions prior to 4.4.7 RP702 (for OCMP 4.x).
Vulnerability category: Cross site scripting (XSS), Execute code
Products affected by CVE-2017-5798
- cpe:2.3:a:hp:opencall_media_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:opencall_media_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5798
- 5.88%: Probability of exploitation activity in the next 30 days
- ~ 90%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5798
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2017-5798
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5798
- http://www.securityfocus.com/bid/98013
  HP OpenCall Media Platform Multiple Cross Site Scripting and Remote File Include Vulnerabilities (Third Party Advisory; VDB Entry)
- https://www.exploit-db.com/exploits/41927/
  HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion (Exploit; Third Party Advisory; VDB Entry)
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us
  HPESBGN03686 rev.1 - HPE OpenCall Media Platform (OCMP), Remote Code Execution, Cross-Site Scripting (XSS) (Vendor Advisory)