Description

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.

INFO

Published Date :

2025-08-27T21:25:05.918Z

Last Modified :

2026-03-23T15:43:31.255Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2024-13980 vulnerability.

Vendors Products
Hp
  • Intelligent Management Center
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-13980.

URL Resource
https://axsec.blog.csdn.net/article/details/141003376 cve-icon cve-icon
https://blog.csdn.net/nnn2188185/article/details/141065540 cve-icon cve-icon
https://blog.csdn.net/weixin_48539059/article/details/141033966 cve-icon cve-icon
https://github.com/OJZen/FckESC/blob/master/%E5%86%85%E7%BD%91%E7%99%BB%E5%BD%95%E8%BF%87%E7%A8%8B.txt cve-icon cve-icon
https://www.h3c.com/cn/Service/Online_Help/psirt/ cve-icon cve-icon
https://www.vulncheck.com/advisories/h3c-intelligent-management-center-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability