CVE-2020-24626
CRITICALHPE PPU UCS Meter 1.9 - Remote Code Execution via Directory Traversal
Title source: manualDescription
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us
Scores
CVSS v3
9.8
EPSS
0.0242
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
hpe/utility_computing_service_meter
1.9
Published
Sep 23, 2020
Tracked Since
Feb 18, 2026