Remote Information Disclosure Vulnerability in HPE OneView Global Dashboard
CVE-2020-7130

7.5HIGH

Key Information:

Vendor: HP
Status: HP Oneview Global Dashboard
Vendor: CVE Published:; 4 March 2020

What is CVE-2020-7130?

HPE OneView Global Dashboard version 1.9 contains a vulnerability that allows for remote information disclosure. Following the installation or upgrade of this version, the appliance firewall may inadvertently leave certain ports open, which could be exploited by an unauthorized user to access sensitive data. To mitigate this risk, upgrading to OVGD version 1.91 or later is strongly advised.

Affected Version(s)

HPE OneView Global Dashboard 1.9

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2020
Vulnerability Reserved
Jan 16, 2020