Remote File Upload Vulnerability in HPE 3PAR Service Processor
CVE-2019-5395

8.8HIGH

Key Information:

Vendor: HP
Status: HP 3par Service Processor
Vendor: CVE Published:; 9 August 2019

Summary

A remote arbitrary file upload vulnerability has been identified in certain versions of the HPE 3PAR Service Processor. This flaw enables an attacker to upload malicious files remotely, potentially compromising system integrity and availability. Organizations using affected versions of the HPE 3PAR Service Processor are advised to update to version 5.0.5.1 or later to mitigate this risk.

Affected Version(s)

HPE 3PAR Service Processor prior to 5.0.5.1

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2019
Vulnerability Reserved
Jan 4, 2019