Sign-up

ID

VAR-202005-0956


CVE

CVE-2020-7137


TITLE

HPE Superdome Flex Server Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005660

DESCRIPTION

A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. HPE Superdome Flex Server There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-7137 // JVNDB: JVNDB-2020-005660

AFFECTED PRODUCTS

vendor:hpemodel:superdome flex serverscope:ltversion:3.25.46

Trust: 1.0

vendor:hewlett packardmodel:hpe superdome flex serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005660 // NVD: CVE-2020-7137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7137
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005660
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-978
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-7137
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005660
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-7137
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005660
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-005660 // CNNVD: CNNVD-202005-978 // NVD: CVE-2020-7137

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-005660 // NVD: CVE-2020-7137

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-978

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-978

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005660

PATCH
title:hpesbhf04004en_usurl:https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04004en_us
Trust: 0.8
title:HPE Superdome Flex Server Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119380
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-005660 // 
            
            
            
            CNNVD: CNNVD-202005-978

EXTERNAL IDS
db:NVDid:CVE-2020-7137
Trust: 2.4
db:JVNDBid:JVNDB-2020-005660
Trust: 0.8
db:NSFOCUSid:47772
Trust: 0.6
db:AUSCERTid:ESB-2020.1952
Trust: 0.6
db:CNNVDid:CNNVD-202005-978
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-005660 // 
            
            
            
            CNNVD: CNNVD-202005-978 // 
            
            
            
            NVD: CVE-2020-7137

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf04004en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-7137
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7137
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1952/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47772
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-005660 // 
            
            
            
            CNNVD: CNNVD-202005-978 // 
            
            
            
            NVD: CVE-2020-7137

SOURCES
db:JVNDBid:JVNDB-2020-005660
db:CNNVDid:CNNVD-202005-978
db:NVDid:CVE-2020-7137

LAST UPDATE DATE
2024-11-23T22:37:23.252000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-005660date:2020-06-19T00:00:00
db:CNNVDid:CNNVD-202005-978date:2020-08-14T00:00:00
db:NVDid:CVE-2020-7137date:2024-11-21T05:36:41.800

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-005660date:2020-06-19T00:00:00
db:CNNVDid:CNNVD-202005-978date:2020-05-19T00:00:00
db:NVDid:CVE-2020-7137date:2020-05-19T23:15:09.790