Details of VAR-201808-0668

ID

VAR-201808-0668

CVE

CVE-2017-8992

TITLE

HPE CentralView Fraud Risk Management Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-014191

DESCRIPTION

HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. HPE CentralView Fraud Risk Management Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2017-8992 // JVNDB: JVNDB-2017-014191

AFFECTED PRODUCTS

vendor:	hp	model:	centralview fraud risk management	scope:	lt	version:	6.1	Trust: 1.0
vendor:	hewlett packard	model:	hpe centralview fraud risk management	scope:	lt	version:	6.1	Trust: 0.8

sources: JVNDB: JVNDB-2017-014191 // NVD: CVE-2017-8992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8992
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-8992
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201705-749
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2017-8992
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2017-8992
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2017-014191 // CNNVD: CNNVD-201705-749 // NVD: CVE-2017-8992

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-014191 // NVD: CVE-2017-8992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-749

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201705-749

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014191

PATCH

title:	hpesbmu03837en_us	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us	Trust: 0.8
title:	HPE CentralView Fraud Risk Management Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99805	Trust: 0.6

sources: JVNDB: JVNDB-2017-014191 // CNNVD: CNNVD-201705-749

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8992	Trust: 2.4
db:	JVNDB	id:	JVNDB-2017-014191	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-749	Trust: 0.6

sources: JVNDB: JVNDB-2017-014191 // CNNVD: CNNVD-201705-749 // NVD: CVE-2017-8992

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbmu03837en_us	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8992	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8992	Trust: 0.8

sources: JVNDB: JVNDB-2017-014191 // CNNVD: CNNVD-201705-749 // NVD: CVE-2017-8992

SOURCES

db:	JVNDB	id:	JVNDB-2017-014191
db:	CNNVD	id:	CNNVD-201705-749
db:	NVD	id:	CVE-2017-8992

LAST UPDATE DATE

2024-11-23T22:45:15.318000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2017-014191	date:	2018-11-12T00:00:00
db:	CNNVD	id:	CNNVD-201705-749	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8992	date:	2024-11-21T03:35:08.227

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2017-014191	date:	2018-11-12T00:00:00
db:	CNNVD	id:	CNNVD-201705-749	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-8992	date:	2018-08-06T20:29:01.177