Weak Key Exchange Algorithms in HPE StoreOnce Software by HPE
CVE-2022-28622

7.5HIGH

Key Information:

Vendor: HP
Status: HP Storeonce Software
Vendor: CVE Published:; 27 June 2022

What is CVE-2022-28622?

A security vulnerability has been identified in HPE StoreOnce Software that involves the SSH server supporting weak key exchange algorithms. This weakness could potentially allow remote unauthorized access to sensitive systems. HPE has released an essential software update to mitigate this vulnerability, applicable to version 4.3.2 of HPE StoreOnce Software.

Affected Version(s)

HPE StoreOnce Software Prior to 4.3.2

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2022
Vulnerability Reserved
Apr 4, 2022