CVE-2019-12000

Published: Jul 17, 2020Modified: Nov 21, 2024

6.6

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.7 / Impact: 5.9

Source: NVD

Description

HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide.

Affected (1)

Products: Hp: Mse Msg Gw Application E Ltu

1 product

Mse Msg Gw Application E Ltu

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Mse Msg Gw Application E Ltu	Before 3.2

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03979en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03979en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.