Remote Access Vulnerability in HPE Smart Update Manager by Hewlett Packard Enterprise
CVE-2020-7136

9.8CRITICAL

Key Information:

Vendor: HP
Status: Smart Update Manager (sum)
Vendor: CVE Published:; 30 April 2020

Summary

A vulnerability exists in HPE Smart Update Manager versions prior to 8.5.6, allowing for potential remote unauthorized access. It is crucial that users update to the latest version provided by Hewlett Packard Enterprise to mitigate any security risks. Users can download the update from the HPE Support Center to ensure their systems are protected against this vulnerability.

Affected Version(s)

Smart Update Manager (SUM) Prior to v8.5.6

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

EPSS Score

31% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2020
Vulnerability Reserved
Jan 16, 2020