Lucene search

HpeCVE-2022-37928

HistoryDec 12, 2022 - 1:15 p.m.

CVE-2022-37928

2022-12-1213:15:14

CWE-345

hpe

web.nvd.nist.gov

cve-2022-37928

insufficient verification

data authenticity

vulnerability

hpe

nimble storage

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Affected configurations

Nvd

Node

hpesf100_firmwareRange<5.2.1.900ltsr

hpesf100_firmwareMatch5.3.0.0-

AND

hpesf100Match-

Node

hpesf300_firmwareRange<5.2.1.900ltsr

hpesf300_firmwareMatch5.3.0.0-

AND

hpesf300Match-

Node

hpehf60c_firmwareRange<5.2.1.900ltsr

hpehf60c_firmwareMatch5.3.0.0-

AND

hpehf60cMatch-

Node

hpehf40c_firmwareRange<5.2.1.900ltsr

hpehf40c_firmwareMatch5.3.0.0-

AND

hpehf40cMatch-

Node

hpehf20_firmwareRange<5.2.1.900ltsr

hpehf20_firmwareMatch5.3.0.0-

AND

hpehf20Match-

Node

hpehf40_firmwareRange<5.2.1.900ltsr

hpehf40_firmwareMatch5.3.0.0-

AND

hpehf40Match-

Node

hpehf60_firmwareRange<5.2.1.900ltsr

hpehf60_firmwareMatch5.3.0.0-

AND

hpehf60Match-

Node

hpehf20h_firmwareRange<5.2.1.900ltsr

hpehf20h_firmwareMatch5.3.0.0-

AND

hpehf20hMatch-

Node

hpehf20c_firmwareRange<5.2.1.900ltsr

hpehf20c_firmwareMatch5.3.0.0-

AND

hpehf20cMatch-

VendorProductVersionCPE
hpesf100_firmware*cpe:2.3:o:hpe:sf100_firmware:*:*:*:*:ltsr:*:*:*
hpesf100_firmware5.3.0.0cpe:2.3:o:hpe:sf100_firmware:5.3.0.0:*:*:*:-:*:*:*
hpesf100-cpe:2.3:h:hpe:sf100:-:*:*:*:*:*:*:*
hpesf300_firmware*cpe:2.3:o:hpe:sf300_firmware:*:*:*:*:ltsr:*:*:*
hpesf300_firmware5.3.0.0cpe:2.3:o:hpe:sf300_firmware:5.3.0.0:*:*:*:-:*:*:*
hpesf300-cpe:2.3:h:hpe:sf300:-:*:*:*:*:*:*:*
hpehf60c_firmware*cpe:2.3:o:hpe:hf60c_firmware:*:*:*:*:ltsr:*:*:*
hpehf60c_firmware5.3.0.0cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0:*:*:*:-:*:*:*
hpehf60c-cpe:2.3:h:hpe:hf60c:-:*:*:*:*:*:*:*
hpehf40c_firmware*cpe:2.3:o:hpe:hf40c_firmware:*:*:*:*:ltsr:*:*:*

Vendor	Product	Version	CPE
hpe	sf100_firmware	*	cpe:2.3:o:hpe:sf100_firmware:::::ltsr:::*
hpe	sf100_firmware	5.3.0.0	cpe:2.3:o:hpe:sf100_firmware:5.3.0.0::::-:::
hpe	sf100	-	cpe:2.3:h:hpe:sf100:-:::::::*
hpe	sf300_firmware	*	cpe:2.3:o:hpe:sf300_firmware:::::ltsr:::*
hpe	sf300_firmware	5.3.0.0	cpe:2.3:o:hpe:sf300_firmware:5.3.0.0::::-:::
hpe	sf300	-	cpe:2.3:h:hpe:sf300:-:::::::*
hpe	hf60c_firmware	*	cpe:2.3:o:hpe:hf60c_firmware:::::ltsr:::*
hpe	hf60c_firmware	5.3.0.0	cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0::::-:::
hpe	hf60c	-	cpe:2.3:h:hpe:hf60c:-:::::::*
hpe	hf40c_firmware	*	cpe:2.3:o:hpe:hf40c_firmware:::::ltsr:::*

Rows per page:

1-10 of 271

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 5.2.1.900 (LTSR),  5.3.0.0 (GA)"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04359en_us

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2022-37928