A vulnerability within the HP System Management homepage allows for arbitrary commands to be executed on the vulnerable system, due to a lack of proper escaping of requested URLs.
HP System Management Homepage
Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible by forming a malicious request and sending it to the affected server. Remote attackers who successfully exploit this vulnerability will be able to execute arbitrary commands on the vulnerable system with the same rights as the web service.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19734 - HP System Management Homepage Shell Metacharacters Command Execution
Update to HP System Management Homepage v7.2.2.