Unauthenticated Server Side Request Forgery in HPE Serviceguard Manager
CVE-2022-37938

9.8CRITICAL

Key Information:

Vendor: HP (HP)
Status: HP Serviceguard For Linux
Vendor: CVE Published:; 1 March 2023

What is CVE-2022-37938?

The vulnerability within HPE Serviceguard Manager allows an unauthenticated user to exploit server side request forgery (SSRF) scenarios. This enables attackers to send crafted requests from the vulnerable server to internal resources, potentially compromising sensitive data and network integrity. Such vulnerabilities pose serious threats as they can be leveraged to bypass network protections and access private services.

Affected Version(s)

HPE Serviceguard for Linux 0

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Aug 8, 2022

HP (HP)

What is CVE-2022-37938?

Affected Version(s)

References

CVSS V3.1

Timeline