Lucene search

[email protected]NVD:CVE-2020-24624

HistorySep 23, 2020 - 1:15 p.m.

CVE-2020-24624

2020-09-2313:15:15

CWE-22

[email protected]

web.nvd.nist.gov

cve-2020-24624

directory traversal

unauthenticated

hpe ppu ucs meter

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.014

Percentile

86.8%

JSON

Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Affected configurations

Nvd

Node

hpeutility_computing_service_meterMatch1.9pay_per_use

VendorProductVersionCPE
hpeutility_computing_service_meter1.9cpe:2.3:a:hpe:utility_computing_service_meter:1.9:*:*:*:pay_per_use:*:*:*

Vendor	Product	Version	CPE
hpe	utility_computing_service_meter	1.9	cpe:2.3:a:hpe:utility_computing_service_meter:1.9::::pay_per_use:::

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.014

Percentile

86.8%

JSON

Related for NVD:CVE-2020-24624

zdi1 cvelist1 cve1 prion1