CVE-2020-7198

8.8HIGH

Key Information:

Vendor: HP
Status: HP Oneview; HP Synergy Composer; HP Synergy Composer 2
Vendor: CVE Published:; 6 November 2020

Summary

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Affected Version(s)

HP OneView; HPE Synergy Composer; HPE Synergy Composer 2 5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2020
Vulnerability Reserved
Jan 16, 2020