CVE-2022-37930

Published: Dec 12, 2022Modified: May 2, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

Affected (18)

Products: Hpe: Sf100 Firmware, Sf300 Firmware, Hf60c Firmware, Hf40c Firmware, Hf20 Firmware, Hf40 Firmware, Hf60 Firmware, Hf20h Firmware, Hf20c Firmware

9 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Sf100 Firmware	Before 5.2.1.900
Hpe Sf100 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Sf100	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Sf300 Firmware	Before 5.2.1.900
Hpe Sf300 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Sf300	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf60c Firmware	Before 5.2.1.900
Hpe Hf60c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf60c	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf40c Firmware	Before 5.2.1.900
Hpe Hf40c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf40c	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20 Firmware	Before 5.2.1.900
Hpe Hf20 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf40 Firmware	Before 5.2.1.900
Hpe Hf40 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf40	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf60 Firmware	Before 5.2.1.900
Hpe Hf60 Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf60	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20h Firmware	Before 5.2.1.900
Hpe Hf20h Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20h	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Hf20c Firmware	Before 5.2.1.900
Hpe Hf20c Firmware	Version 5.3.0.0

Running on/with	Platform Versions
Hpe Hf20c	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.