Severity
High
Analysis Summary
CVE-2024-13980 CVSS:10
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. The flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined.
CVE-2025-44653 CVSS:4.3
H3C GR2200 is vulnerable to a denial of service, caused by a flaw in the USERLIMIT_GLOBAL option.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-13980
- CVE-2025-44653
Affected Vendors
- H3C
Affected Products
- H3C Intelligent Management Center iMC vE0632H07
- H3C GR2200 MiniGR1A0V100R016
Remediation
Refer to the H3C website for patch, upgrade, or suggested workaround information.
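For triage on CVE-2024-13980, the following added example (not from the advisory or from H3C) flags POST requests to /byod/index.xhtml that carry no session identifier, matching the advisory's note that no session cookie is needed. It assumes a reverse proxy in front of IMC that logs the Cookie header as a final quoted field and that the session cookie is the servlet default JSESSIONID; the log lines are constructed, and a hit is a lead to review, not proof of exploitation.

```python
import re
from collections import defaultdict

ENDPOINT = "/byod/index.xhtml"  # endpoint named in the advisory

# Assumed format: common log fields plus the request Cookie header, quoted, last.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)

# Constructed sample input (documentation IP ranges, made-up session value).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Sep/2025:10:01:02 +0000] "GET /byod/index.xhtml HTTP/1.1" 200 5120 "-"
192.0.2.10 - - [02/Sep/2025:10:01:05 +0000] "POST /byod/index.xhtml HTTP/1.1" 200 812 "JSESSIONID=A1B2C3"
198.51.100.7 - - [02/Sep/2025:10:03:11 +0000] "POST /byod/index.xhtml HTTP/1.1" 500 0 "-"
198.51.100.7 - - [02/Sep/2025:10:03:12 +0000] "POST /byod/index.xhtml?x=1 HTTP/1.1" 200 0 "-"
203.0.113.5 - - [02/Sep/2025:10:04:00 +0000] "POST /imc/login.jsf HTTP/1.1" 200 300 "-"
garbage line
"""


def cookieless_viewstate_posts(log_text):
    """Return {source_ip: [(timestamp, status), ...]} for POSTs to ENDPOINT
    that have no JSESSIONID in the Cookie header or in the URL."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        # Drop the query string and any ;path-parameters before comparing.
        path = m["target"].split("?", 1)[0].split(";", 1)[0]
        if m["method"] != "POST" or path != ENDPOINT:
            continue
        # A session can arrive as a cookie or via URL rewriting (;jsessionid=).
        has_session = "jsessionid=" in (m["cookie"] + " " + m["target"]).lower()
        if not has_session:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in cookieless_viewstate_posts(SAMPLE_LOG).items():
        print(ip, len(events), "cookieless POST(s):", events)
```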