Local Unauthorized Elevation of Privilege in HPE Smart Update Manager
CVE-2019-11987

7.8HIGH

Key Information:

Vendor: HP
Status: HPe Smart Update Manager
Vendor: CVE Published:; 5 June 2019

Summary

A vulnerability exists in HPE Smart Update Manager (SUM), which could allow an unauthorized local user to elevate their privileges. This security flaw, present in versions prior to v8.4, could have significant implications if exploited, allowing the user to carry out actions without proper authorization. To safeguard your systems, it is recommended to update to the latest version and apply necessary security measures.

Affected Version(s)

HPE Smart Update Manager prior to v8.4

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 5, 2019
Vulnerability Reserved
May 13, 2019