Vulnerabilites related to hp - 3par_service_processor
CVE-2024-22442 (GCVE-0-2024-22442)
Vulnerability from cvelistv5
Published
2024-07-16 15:45
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The vulnerability could be remotely exploited to bypass authentication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: 5.1.1 and earlier < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "3par_service_processor_firmware",
"vendor": "hp",
"versions": [
{
"lessThan": "5.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:49:29.321484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:11:59.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us\u0026docLocale=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "5.1.1 and earlier",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Hewlett Packard Enterprise acknowledges Milad Fadavvi for reporting this issue to security-alert@hpe.com."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability could be remotely exploited to bypass authentication."
}
],
"value": "The vulnerability could be remotely exploited to bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T15:45:51.809Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us\u0026docLocale=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-22442",
"datePublished": "2024-07-16T15:45:51.809Z",
"dateReserved": "2024-01-10T15:24:39.967Z",
"dateUpdated": "2024-08-01T22:43:34.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5399 (GCVE-0-2019-5399)
Vulnerability from cvelistv5
Published
2019-08-09 17:04
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote gain authorized access
Summary
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote gain authorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T17:04:54",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote gain authorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5399",
"datePublished": "2019-08-09T17:04:54",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11991 (GCVE-0-2019-11991)
Vulnerability from cvelistv5
Published
2019-07-09 18:32
Modified
2024-08-04 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote disclosure of privileged information
Summary
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE 3PAR Service Processors |
Version: version 4.1 through 4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processors",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "version 4.1 through 4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of privileged information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T18:32:04",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-11991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processors",
"version": {
"version_data": [
{
"version_value": "version 4.1 through 4.4"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of privileged information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-11991",
"datePublished": "2019-07-09T18:32:04",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5395 (GCVE-0-2019-5395)
Vulnerability from cvelistv5
Published
2019-08-09 16:57
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote arbitrary file upload
Summary
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary file upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T16:57:09",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5395",
"datePublished": "2019-08-09T16:57:09",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5400 (GCVE-0-2019-5400)
Vulnerability from cvelistv5
Published
2019-08-09 17:05
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote session reuse
Summary
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote session reuse",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T17:05:56",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote session reuse"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5400",
"datePublished": "2019-08-09T17:05:56",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5397 (GCVE-0-2019-5397)
Vulnerability from cvelistv5
Published
2019-08-09 17:01
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote bypass of security restrictions
Summary
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote bypass of security restrictions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T17:01:49",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote bypass of security restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5397",
"datePublished": "2019-08-09T17:01:49",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5398 (GCVE-0-2019-5398)
Vulnerability from cvelistv5
Published
2019-08-09 17:03
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote multiple multiple cross-site
Summary
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote multiple multiple cross-site",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T17:03:35",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote multiple multiple cross-site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5398",
"datePublished": "2019-08-09T17:03:35",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46846 (GCVE-0-2021-46846)
Vulnerability from cvelistv5
Published
2022-11-03 16:06
Modified
2025-05-02 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Integrated Lights-Out 5 |
Version: Prior to 2.44 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04133en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T19:30:52.471405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T19:31:06.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Integrated Lights-Out 5",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Prior to 2.44"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.\u003c/p\u003e"
}
],
"value": "Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04133en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-46846",
"datePublished": "2022-11-03T16:06:09.815Z",
"dateReserved": "2022-10-19T21:27:41.176Z",
"dateUpdated": "2025-05-02T19:31:06.168Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5396 (GCVE-0-2019-5396)
Vulnerability from cvelistv5
Published
2019-08-09 17:00
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote authentication bypass
Summary
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE 3PAR Service Processor |
Version: prior to 5.0.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE 3PAR Service Processor",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "prior to 5.0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T17:00:34",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-5396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise (HPE)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-5396",
"datePublished": "2019-08-09T17:00:34",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-08-09 18:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de las restricciones de seguridad remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5397",
"lastModified": "2024-11-21T04:44:51.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T18:15:11.417",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 16:15
Modified
2024-11-21 08:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vulnerability could be remotely exploited to bypass authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8294955E-CB75-4F2B-89B9-EFE1BDACA913",
"versionEndExcluding": "5.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D241CDD7-CAA1-460D-814D-9302B76054F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability could be remotely exploited to bypass authentication."
},
{
"lang": "es",
"value": "La vulnerabilidad podr\u00eda explotarse de forma remota para evitar la autenticaci\u00f3n."
}
],
"id": "CVE-2024-22442",
"lastModified": "2024-11-21T08:56:17.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-16T16:15:04.017",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 17:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5396",
"lastModified": "2024-11-21T04:44:51.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T17:15:11.470",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-09 19:15
Modified
2024-11-21 04:22
Severity ?
Summary
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0AEAFC-B517-498E-A850-B4FD3CBB5EA8",
"versionEndIncluding": "4.4",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays."
},
{
"lang": "es",
"value": "HPE ha identificado una vulnerabilidad en HPE 3PAR Service Processor (SP) versi\u00f3n 4.1 hasta 4.4. HPE 3PAR Service Processor (SP) versi\u00f3n 4.1 hasta 4.4 presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n remota que puede permitir la ruptura de la confidencialidad, integridad y disponibilidad del procesador de servicios y cualquier matriz 3PAR administrada."
}
],
"id": "CVE-2019-11991",
"lastModified": "2024-11-21T04:22:07.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-09T19:15:12.013",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03918en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 18:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site m\u00faltiple remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5398",
"lastModified": "2024-11-21T04:44:52.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T18:15:11.510",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 18:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de obtenci\u00f3n de acceso autorizado remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5399",
"lastModified": "2024-11-21T04:44:52.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T18:15:11.867",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 18:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de reutilizaci\u00f3n de sesi\u00f3n remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5400",
"lastModified": "2024-11-21T04:44:52.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T18:15:12.213",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-12 13:15
Modified
2025-05-02 20:15
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D179C62-EA44-4D6F-B4ED-B5E9C1674FC1",
"versionEndExcluding": "2.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:apollo_r2000_chassis:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9311154A-E0EF-46B3-B8D0-6ED540029684",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:integrated_lights-out_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5370AF-C0B8-4E75-8B01-A4239B130E9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A4A379-205A-479C-9C82-B182AEAEB8B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en Hewlett Packard Enterprise Integrated Lights-Out 5."
}
],
"id": "CVE-2021-46846",
"lastModified": "2025-05-02T20:15:17.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.5,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T13:15:11.917",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04133en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04133en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 17:15
Modified
2024-11-21 04:44
Severity ?
Summary
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 3par_service_processor_firmware | * | |
| hp | 3par_service_processor | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B863CD1-E9C8-40F5-B57A-394672200D53",
"versionEndExcluding": "5.0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EB35E-D915-4C4E-81F5-8DAC3FD2336C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de carga de archivos arbitraria remota en HPE 3PAR Service Processor versi\u00f3n(es): anteriores a 5.0.5.1."
}
],
"id": "CVE-2019-5395",
"lastModified": "2024-11-21T04:44:51.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T17:15:11.423",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03942en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}