Details of VAR-201808-0951

ID

VAR-201808-0951

CVE

CVE-2018-7070

TITLE

HPE CentralView Fraud Risk Management Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-008926

DESCRIPTION

HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version

Trust: 1.62

sources: NVD: CVE-2018-7070 // JVNDB: JVNDB-2018-008926

AFFECTED PRODUCTS

vendor:	hp	model:	centralview fraud risk management	scope:	lt	version:	6.1	Trust: 1.0
vendor:	hewlett packard	model:	hpe centralview fraud risk management	scope:	lt	version:	cv 6.1	Trust: 0.8

sources: JVNDB: JVNDB-2018-008926 // NVD: CVE-2018-7070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7070
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7070
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201808-169
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-7070
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-7070
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-008926 // CNNVD: CNNVD-201808-169 // NVD: CVE-2018-7070

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-008926 // NVD: CVE-2018-7070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-169

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201808-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008926

PATCH

title:	HPESBMU03837	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us	Trust: 0.8
title:	HPE CentralView Fraud Risk Management Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83975	Trust: 0.6

sources: JVNDB: JVNDB-2018-008926 // CNNVD: CNNVD-201808-169

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7070	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-008926	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-169	Trust: 0.6

sources: JVNDB: JVNDB-2018-008926 // CNNVD: CNNVD-201808-169 // NVD: CVE-2018-7070

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbmu03837en_us	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7070	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7070	Trust: 0.8
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbmu03837en_us	Trust: 0.6

sources: JVNDB: JVNDB-2018-008926 // CNNVD: CNNVD-201808-169 // NVD: CVE-2018-7070

SOURCES

db:	JVNDB	id:	JVNDB-2018-008926
db:	CNNVD	id:	CNNVD-201808-169
db:	NVD	id:	CVE-2018-7070

LAST UPDATE DATE

2024-11-23T22:26:14.316000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-008926	date:	2018-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201808-169	date:	2018-08-07T00:00:00
db:	NVD	id:	CVE-2018-7070	date:	2024-11-21T04:11:35.987

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-008926	date:	2018-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201808-169	date:	2018-08-07T00:00:00
db:	NVD	id:	CVE-2018-7070	date:	2018-08-06T20:29:01.883