Primary

Context

HPE Performance Cluster Manager Arbitrary File Access Vulnerability

Vulnerability

A vulnerability exists in the cmdb service of HPE Performance Cluster Manager (HPCM) versions 1.12 and earlier. This vulnerability could allow an attacker to access arbitrary files on the server host. The issue could lead to unauthorized file deletion, modification, or downloading.

Impact

Exploitation of this vulnerability could result in unauthorized access to files on the server, potentially allowing for arbitrary file deletion, modification, or download.

Remediation

The vulnerability has been fixed in HPCM version 1.13. Users can also apply patches available for HPCM 1.12, 1.11, and 1.10. Update packages for HPE Performance Cluster Manager are released to the HPE Software Delivery Repository (SDR).

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE Performance Cluster Manager Arbitrary File Access Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating