CVE-2020-7198

Published: Nov 6, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Affected (21)

Products: Hp: Oneview, Synergy Composer, Synergy Composer 2

3 products

Oneview

Synergy Composer

Synergy Composer 2

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Hp Oneview	Version 5.00.01
Hp Oneview	Version 5.00.02
Hp Oneview	Version 5.0
Hp Oneview	Version 5.20.01
Hp Oneview	Version 5.2
Hp Oneview	Version 5.3
Hp Oneview	Version 5.4
Hp Synergy Composer	Version 5.00.01
Hp Synergy Composer	Version 5.00.02
Hp Synergy Composer	Version 5.0
Hp Synergy Composer	Version 5.20.01
Hp Synergy Composer	Version 5.2
Hp Synergy Composer	Version 5.3
Hp Synergy Composer	Version 5.4
Hp Synergy Composer 2	Version 5.00.01
Hp Synergy Composer 2	Version 5.00.02
Hp Synergy Composer 2	Version 5.0
Hp Synergy Composer 2	Version 5.20.01
Hp Synergy Composer 2	Version 5.2
Hp Synergy Composer 2	Version 5.3
Hp Synergy Composer 2	Version 5.4

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04047en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04047en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.