Unauthorized Access Vulnerability in HPE XP P9000 Command View Advanced Edition and Configuration Manager
CVE-2018-7077

7.5HIGH

Key Information:

Vendor: HP
Status: HP Xp P9000 Command View Advanced Edition (cvae)
Vendor: CVE Published:; 14 August 2018

Summary

A security vulnerability exists in HPE XP P9000 Command View Advanced Edition and Configuration Manager, where both local and remote attackers may exploit this weakness to gain unauthorized access to sensitive information. The vulnerability affects versions 8.5.0-00 and earlier of the device management and configuration tools, emphasizing the need for users to upgrade to version 8.6.0-00 or later to mitigate the risk.

Affected Version(s)

HPE XP P9000 Command View Advanced Edition (CVAE) DevMgr 8.5.0-00 and prior to 8.6.0-00, CM 8.5.0-00 and prior to 8.6.0-00

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2018
Vulnerability Reserved
Feb 15, 2018