CVE-2022-37929

Published: Dec 12, 2022Modified: May 2, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Affected (18)

Products: Hpe: Sf100 Firmware, Sf300 Firmware, Hf60c Firmware, Hf40c Firmware, Hf20 Firmware, Hf40 Firmware, Hf60 Firmware, Hf20h Firmware, Hf20c Firmware

9 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Sf100 Firmware	Before 5.2.1.900
Hpe Sf100 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Sf100	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Sf300 Firmware	Before 5.2.1.900
Hpe Sf300 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Sf300	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf60c Firmware	Before 5.2.1.900
Hpe Hf60c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf60c	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf40c Firmware	Before 5.2.1.900
Hpe Hf40c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf40c	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20 Firmware	Before 5.2.1.900
Hpe Hf20 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf40 Firmware	Before 5.2.1.900
Hpe Hf40 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf40	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf60 Firmware	Before 5.2.1.900
Hpe Hf60 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf60	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20h Firmware	Before 5.2.1.900
Hpe Hf20h Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20h	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20c Firmware	Before 5.2.1.900
Hpe Hf20c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20c	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04360en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04360en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.