CVE-2024-13980 is a vulnerability in HP Intelligent Management Center
Published on August 27, 2025
H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-13980 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-13980
Want to know whenever a new CVE is published for HP Intelligent Management Center? stack.watch will email you.
Affected Versions
H3C Group Intelligent Management Center (iMC):- Version *, <= E0632H07 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.