CVE-2017-13984

MEDIUM

HPE BSM <9.26-9.40 - Path Traversal

Title source: llm

Description

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to delete arbitrary files via servlet directory traversal.

References (3)

Core References
Vendor Advisory x_refsource_confirm
https://softwaresupport.hpe.com/km/KM02942065
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-720/
Various Sources third-party-advisory x_refsource_auscert
https://www.auscert.org.au/bulletins/52154

Scores

CVSS v3 6.5
EPSS 0.0127
EPSS Percentile 79.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-287
Status published
Products (3)
hp/bsm_platform_application_performance_management_system_health 9.26
hp/bsm_platform_application_performance_management_system_health 9.30
hp/bsm_platform_application_performance_management_system_health 9.40
Published Sep 30, 2017
Tracked Since Feb 18, 2026