Cross-Site Scripting in HPE OneView for VMware vCenter
CVE-2019-11992

6.1MEDIUM

Key Information:

Vendor: HP
Status: HPe Oneview For Vmware Vcenter With Operations Manager And Log Insight
Vendor: CVE Published:; 18 December 2019

What is CVE-2019-11992?

A security vulnerability exists in HPE OneView for VMware vCenter 9.5 that enables an attacker to exploit the system remotely through Cross-Site Scripting (XSS). This allows malicious actors to inject client-side scripts into web pages viewed by other users, which can lead to unauthorized actions or data theft if successfully executed. It is essential for users to implement the necessary security patches and updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

HPE OneView for VMware vCenter with Operations Manager and Log Insight 9.5

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
May 13, 2019

JSON

HP