CVE-2017-5799

HIGH

HPE OpenCall Media Platform < 3.4.2 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5799. PoCs published by Paolo Stagno.

AI-analyzed exploit summary: This advisory details multiple XSS and RFI vulnerabilities in HPE OpenCall Media Platform (OCMP) 4.3.2, including proof-of-concept HTTP requests demonstrating reflected XSS via unsanitized parameters in the Application Content Manager and VoiceXML Administration Tool.

Description

A Remote Code Execution vulnerability was found in HPE OpenCall Media Platform (OCMP). The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x) and all versions prior to 4.4.7 RP702 (for OCMP 4.x).

Exploits (1)

exploitdb WRITEUP VERIFIED
by Paolo Stagno · text · webapps · multiple
https://www.exploit-db.com/exploits/41927

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: HPE OpenCall Media Platform (OCMP) 4.3.2
No auth needed
Prerequisites: Network access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41927/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98013

Scores

CVSS v3 8.8
EPSS 0.1582
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-74
Status published
Products (1)
hp/opencall_media_platform 3.0.0 - 3.4.2
Published Feb 15, 2018
Tracked Since Feb 18, 2026