CVE-2024-13980
H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
| CWE | CWE-502 |
| Vendor | h3c group |
| Product | intelligent management center (imc) |
| Published | Aug 27, 2025 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for h3c group intelligent management center (imc)
Be the first to know when new unknown vulnerabilities affecting h3c group intelligent management center (imc) are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
H3C Group / Intelligent Management Center (iMC)
* ≤ E0632H07
References
blog.csdn.net: https://blog.csdn.net/nnn2188185/article/details/141065540 github.com: https://github.com/OJZen/FckESC/blob/master/%E5%86%85%E7%BD%91%E7%99%BB%E5%BD%95%E8%BF%87%E7%A8%8B.txt blog.csdn.net: https://blog.csdn.net/weixin_48539059/article/details/141033966 axsec.blog.csdn.net: https://axsec.blog.csdn.net/article/details/141003376 h3c.com: https://www.h3c.com/cn/Service/Online_Help/psirt/ vulncheck.com: https://www.vulncheck.com/advisories/h3c-intelligent-management-center-rce