Missing HSTS Header in HPE Matrix Operating Environment
CVE-2017-5782

5.4MEDIUM

Key Information:

Vendor: HP
Status: Matrix Operating Environment
Vendor: CVE Published:; 3 February 2017

Summary

The vulnerability in HPE Matrix Operating Environment version 7.6 arises from a missing HTTP Strict Transport Security (HSTS) header, which can expose users to man-in-the-middle attacks. This oversight in the security configuration compromises data integrity and confidentiality, making it crucial for organizations to ensure proper implementation of security headers to safeguard their systems.

Affected Version(s)

Matrix Operating Environment v7.6

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2017
Vulnerability Reserved
Feb 1, 2017