Details of VAR-202303-0785

ID

VAR-202303-0785

CVE

CVE-2022-37939

TITLE

Hewlett Packard Enterprise Superdome Flex Server Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

DESCRIPTION

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8

Trust: 0.99

sources: NVD: CVE-2022-37939 // VULMON: CVE-2022-37939

AFFECTED PRODUCTS

vendor:	hpe	model:	superdome flex 280 server	scope:	lt	version:	1.45.8	Trust: 1.0
vendor:	hpe	model:	superdome flex server	scope:	lt	version:	3.65.8	Trust: 1.0

sources: NVD: CVE-2022-37939

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-37939
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202303-815
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2022-37939
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202303-815 // NVD: CVE-2022-37939

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-37939

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

CONFIGURATIONS

sources: NVD: CVE-2022-37939

PATCH

title:

Hewlett Packard Enterprise Superdome Flex Server Repair measures for information disclosure vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229461

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

EXTERNAL IDS

db:	NVD	id:	CVE-2022-37939	Trust: 1.7
db:	CNNVD	id:	CNNVD-202303-815	Trust: 0.6
db:	VULMON	id:	CVE-2022-37939	Trust: 0.1

sources: VULMON: CVE-2022-37939 // CNNVD: CNNVD-202303-815 // NVD: CVE-2022-37939

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf04453en_us	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-37939/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-37939 // CNNVD: CNNVD-202303-815 // NVD: CVE-2022-37939

SOURCES

db:	VULMON	id:	CVE-2022-37939
db:	CNNVD	id:	CNNVD-202303-815
db:	NVD	id:	CVE-2022-37939

LAST UPDATE DATE

2023-03-17T23:07:35.822000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-37939	date:	2023-03-11T00:00:00
db:	CNNVD	id:	CNNVD-202303-815	date:	2023-03-17T00:00:00
db:	NVD	id:	CVE-2022-37939	date:	2023-03-16T17:10:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-37939	date:	2023-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202303-815	date:	2023-03-10T00:00:00
db:	NVD	id:	CVE-2022-37939	date:	2023-03-10T21:15:00