ID

VAR-202303-0785


CVE

CVE-2022-37939


TITLE

HPE Superdome Flex  and  Superdome Flex 280  Vulnerabilities in the server

Trust: 0.8

sources: JVNDB: JVNDB-2023-001966

DESCRIPTION

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8

Trust: 1.71

sources: NVD: CVE-2022-37939 // JVNDB: JVNDB-2023-001966 // VULMON: CVE-2022-37939

AFFECTED PRODUCTS

vendor:hpemodel:superdome flex serverscope:ltversion:3.65.8

Trust: 1.0

vendor:hpemodel:superdome flex 280 serverscope:ltversion:1.45.8

Trust: 1.0

vendor:ヒューレット パッカード エンタープライズmodel:hpe superdome flex serverscope: - version: -

Trust: 0.8

vendor:日立model:日立高信頼サーバ rv3000scope: - version: -

Trust: 0.8

vendor:ヒューレット パッカード エンタープライズmodel:hpe superdome flex 280 serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001966 // NVD: CVE-2022-37939

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-37939
value: MEDIUM

Trust: 1.8

security-alert@hpe.com: CVE-2022-37939
value: LOW

Trust: 1.0

CNNVD: CNNVD-202303-815
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security-alert@hpe.com:
baseSeverity: LOW
baseScore: 2.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-37939
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001966 // NVD: CVE-2022-37939 // NVD: CVE-2022-37939 // CNNVD: CNNVD-202303-815

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001966 // NVD: CVE-2022-37939

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202303-815

CONFIGURATIONS

sources: NVD: CVE-2022-37939

PATCH

title:hpesbhf04453en_us Hitachi Server / Client Product Security Informationurl:https://support.hpe.com/hpesc/public/docdisplay?doclocale=en_us&docid=emr_na-hpesbhf04453en_us

Trust: 0.8

title:Hewlett Packard Enterprise Superdome Flex Server Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229461

Trust: 0.6

sources: JVNDB: JVNDB-2023-001966 // CNNVD: CNNVD-202303-815

EXTERNAL IDS

db:NVDid:CVE-2022-37939

Trust: 3.3

db:JVNDBid:JVNDB-2023-001966

Trust: 0.8

db:CNNVDid:CNNVD-202303-815

Trust: 0.6

db:VULMONid:CVE-2022-37939

Trust: 0.1

sources: VULMON: CVE-2022-37939 // JVNDB: JVNDB-2023-001966 // NVD: CVE-2022-37939 // CNNVD: CNNVD-202303-815

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf04453en_us

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-37939

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-37939/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-37939 // JVNDB: JVNDB-2023-001966 // NVD: CVE-2022-37939 // CNNVD: CNNVD-202303-815

SOURCES

db:VULMONid:CVE-2022-37939
db:JVNDBid:JVNDB-2023-001966
db:NVDid:CVE-2022-37939
db:CNNVDid:CNNVD-202303-815

LAST UPDATE DATE

2023-12-18T13:36:24.730000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-37939date:2023-03-11T00:00:00
db:JVNDBid:JVNDB-2023-001966date:2023-05-30T06:31:00
db:NVDid:CVE-2022-37939date:2023-11-07T03:49:57.090
db:CNNVDid:CNNVD-202303-815date:2023-03-17T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-37939date:2023-03-10T00:00:00
db:JVNDBid:JVNDB-2023-001966date:2023-05-30T00:00:00
db:NVDid:CVE-2022-37939date:2023-03-10T21:15:12.303
db:CNNVDid:CNNVD-202303-815date:2023-03-10T00:00:00