Cross-Site Scripting Vulnerability in HPE XP P9000 Command View Software
CVE-2018-7090

6.1MEDIUM

Key Information:

Vendor: HP
Status: HP Xp P9000 Command View Advanced Edition Software (cvae) Versions 7.0.0-00 To Earlier Than 8.60-00
Vendor: CVE Published:; 6 August 2018

Summary

Hewlett Packard Enterprise's XP P9000 Command View Advanced Edition Software is affected by a cross-site scripting vulnerability that can be exploited both locally and remotely. This flaw exists in versions 7.0.0-00 to earlier than 8.60-00 of the DevMgr, TSMgr, and RepMgr components. Attackers could leverage this vulnerability to inject malicious scripts into web pages, potentially compromising user data and session integrity. Organizations using the affected versions should take immediate action to update their software to mitigate risks.

Affected Version(s)

HPE XP P9000 Command View Advanced Edition Software (CVAE) 7.0.0-00 to earlier than 8.60-00 versions 7.0.0-00 to earlier than 8.60-00

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 6, 2018
Vulnerability Reserved
Feb 15, 2018