ID

VAR-202004-2081


CVE

CVE-2020-7134


TITLE

HPE IOT + GCP Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004936

DESCRIPTION

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP versions 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. There are security vulnerabilities in HPE UIoT 1.4.2 and earlier versions. HPE UIoT is a set of universal Internet of Things platforms for Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security, and synchronization management. The following products and versions are affected: HPE IOT + GCP version 1.4.0, version 1.4.1, version 1.4.2, version 1.2.4.2.

Trust: 2.79

sources: NVD: CVE-2020-7134 // JVNDB: JVNDB-2020-004936 // CNVD: CNVD-2020-28767 // CNNVD: CNNVD-202004-2134 // VULMON: CVE-2020-7134

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28767

AFFECTED PRODUCTS

vendor: hp, model: hpe iot + gcp, scope: eq, version: 1.2.4.2

Trust: 1.0

vendor: hp, model: hpe iot + gcp, scope: eq, version: 1.4.0

Trust: 1.0

vendor: hp, model: hpe iot + gcp, scope: eq, version: 1.4.2

Trust: 1.0

vendor: hp, model: hpe iot + gcp, scope: eq, version: 1.4.1

Trust: 1.0

vendor: hewlett packard, model: hpe iot + gcp, scope: eq, version: 1.2.4.2

Trust: 0.8

vendor: hewlett packard, model: hpe iot + gcp, scope: eq, version: 1.4.0

Trust: 0.8

vendor: hewlett packard, model: hpe iot + gcp, scope: eq, version: 1.4.1

Trust: 0.8

vendor: hewlett packard, model: hpe iot + gcp, scope: eq, version: 1.4.2

Trust: 0.8

vendor: hpe, model: uiot, scope: lte, version: <=1.4.2

Trust: 0.6

sources: CNVD: CNVD-2020-28767 // JVNDB: JVNDB-2020-004936 // NVD: CVE-2020-7134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7134
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004936
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28767
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2134
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-7134
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7134
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004936
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28767
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7134
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004936
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28767 // VULMON: CVE-2020-7134 // JVNDB: JVNDB-2020-004936 // CNNVD: CNNVD-202004-2134 // NVD: CVE-2020-7134

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-004936 // NVD: CVE-2020-7134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2134

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2134

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004936

PATCH

title: hpesbhf03947en_us
url: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03947en_us

Trust: 0.8

title: Patch for HPE UIoT Information Disclosure Vulnerability (CNVD-2020-28767)
url: https://www.cnvd.org.cn/patchInfo/show/217795

Trust: 0.6

title: HPE UIoT Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117057

Trust: 0.6

sources: CNVD: CNVD-2020-28767 // JVNDB: JVNDB-2020-004936 // CNNVD: CNNVD-202004-2134

EXTERNAL IDS

db: NVD, id: CVE-2020-7134

Trust: 3.1

db: JVNDB, id: JVNDB-2020-004936

Trust: 0.8

db: CNVD, id: CNVD-2020-28767

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2134

Trust: 0.6

db: VULMON, id: CVE-2020-7134

Trust: 0.1

sources: CNVD: CNVD-2020-28767 // VULMON: CVE-2020-7134 // JVNDB: JVNDB-2020-004936 // CNNVD: CNNVD-202004-2134 // NVD: CVE-2020-7134

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-7134

Trust: 2.0

url: https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03947en_us

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7134

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-28767 // VULMON: CVE-2020-7134 // JVNDB: JVNDB-2020-004936 // CNNVD: CNNVD-202004-2134 // NVD: CVE-2020-7134

SOURCES

db: CNVD, id: CNVD-2020-28767
db: VULMON, id: CVE-2020-7134
db: JVNDB, id: JVNDB-2020-004936
db: CNNVD, id: CNNVD-202004-2134
db: NVD, id: CVE-2020-7134

LAST UPDATE DATE

2024-11-23T22:48:00.624000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-28767, date: 2020-05-18T00:00:00
db: VULMON, id: CVE-2020-7134, date: 2020-05-04T00:00:00
db: JVNDB, id: JVNDB-2020-004936, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-2134, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-7134, date: 2024-11-21T05:36:41.470

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-28767, date: 2020-05-18T00:00:00
db: VULMON, id: CVE-2020-7134, date: 2020-04-24T00:00:00
db: JVNDB, id: JVNDB-2020-004936, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-2134, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2020-7134, date: 2020-04-24T19:15:13.473