The H3C Technical Solution Bulletin for Faster XML Vulnerability (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489, CVE-2017-9096)



Recently, the HP PSRT disclosed several serious security vulnerabilities that result from an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. The vulnerabilities affect Faster XML (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489, CVE-2017-9096).



An attacker could bypass the blacklist by sending maliciously crafted JSON input to the readValue method of ObjectMapper, gaining unauthenticated remote code execution.
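As a contrast to the blacklist described above, the following added example (not H3C's or the FasterXML project's own code) configures an ObjectMapper with an allow-list validator, so that readValue refuses any type id that was not explicitly permitted. It assumes jackson-databind 2.10 or later on the classpath and an application that needs polymorphic typing; the Envelope and Ping classes and the sample inputs are hypothetical and constructed for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class AllowListTyping {
    // Hypothetical application types: a wrapper with an untyped field and
    // the only payload type the service expects to receive in it.
    public static class Envelope { public Object payload; }
    public static class Ping { public String host; }

    static ObjectMapper hardenedMapper() {
        // Weak form (for comparison): new ObjectMapper().enableDefaultTyping()
        // resolves any class name that is not on the library's built-in blacklist.
        // Hardened form: only the listed subtype may be named in a type id.
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Ping.class)
                .build();
        return JsonMapper.builder()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE)
                .build();
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = hardenedMapper();

        // Round trip of an allowed type: the type id written for "payload" is accepted.
        Envelope sent = new Envelope();
        Ping ping = new Ping();
        ping.host = "imc.example.test"; // constructed sample value
        sent.payload = ping;
        String allowedJson = mapper.writeValueAsString(sent);
        Envelope received = mapper.readValue(allowedJson, Envelope.class);
        System.out.println("accepted: " + received.payload.getClass().getName());

        // Constructed input naming a harmless JDK class that is not on the allow-list.
        String unlistedJson = "{\"payload\":[\"java.util.ArrayList\",[]]}";
        try {
            mapper.readValue(unlistedJson, Envelope.class);
            System.out.println("UNEXPECTED: unlisted type id was accepted");
        } catch (InvalidTypeIdException ex) {
            // The validator denies the type id before any object is built from it.
            System.out.println("rejected type id: " + ex.getTypeId());
        }
    }
}
```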


H3C Products

The H3C R&D team quickly investigated H3C products after the vulnerabilities were publicly disclosed.


We found that the following products are affected:

- IMC

- VDI (CVE-2017-17485, CVE-2018-5968, CVE-2018-748)

- H3CloudOS / H3CloudCMP (CVE-2018-7489)



Solution for H3C Products

For product solutions, please contact H3C Service Hotline: +852 2907 0456 or email: