Cross-Site Scripting in HPE OneView for VMware vCenter
CVE-2019-11992

6.1MEDIUM

Key Information:

Vendor: HP
Status: HPe Oneview For Vmware Vcenter With Operations Manager And Log Insight
Vendor: CVE Published:; 18 December 2019

What is CVE-2019-11992?

A security vulnerability exists in HPE OneView for VMware vCenter 9.5 that enables an attacker to exploit the system remotely through Cross-Site Scripting (XSS). This allows malicious actors to inject client-side scripts into web pages viewed by other users, which can lead to unauthorized actions or data theft if successfully executed. It is essential for users to implement the necessary security patches and updates to mitigate this risk.

Affected Version(s)

HPE OneView for VMware vCenter with Operations Manager and Log Insight 9.5

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
May 13, 2019