Lucene search

[email protected]CVE-2022-28625

HistoryAug 31, 2022 - 4:15 p.m.

CVE-2022-28625

2022-08-3116:15:10

CWE-532

[email protected]

web.nvd.nist.gov

hpe oneview

vulnerability

information disclosure

security

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Affected configurations

NVD

Node

hponeviewRange<6.60.01

CPENameOperatorVersion
hp:oneviewhp oneviewlt6.60.01

CPE	Name	Operator	Version
hp:oneview	hp oneview	lt	6.60.01

CNA Affected

[
  {
    "product": "HPE OneView",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 7.0 or 6.60.01"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04304en_us

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-28625

prion1 cvelist1 nvd1