{"containers": {"cna": {"affected": [{"product": "HP XP7 CVAE", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "earlier than 8.6.2-02"}]}], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}], "problemTypes": [{"descriptions": [{"description": "remote access restriction bypass; remote access restriction bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-09T17:49:26.000Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-5408", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP XP7 CVAE", "version": {"version_data": [{"version_value": "earlier than 8.6.2-02"}]}}]}, "vendor_name": "Hewlett Packard Enterprise (HPE)"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote access restriction bypass; remote access restriction bypass"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-5408", "datePublished": "2019-08-09T17:49:26.000Z", "dateReserved": "2019-01-04T00:00:00.000Z", "dateUpdated": "2024-08-04T19:54:53.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:xp7_device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4D741-993D-4FE0-8015-B65D2181EEA3", "versionEndExcluding": "8.6.1-02", "versionStartIncluding": "7.0.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_replication_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF97AE2C-15F0-4F69-A836-EB12DFE0947F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_tiered_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C074B066-8E86-4D42-AF1A-37F88F72FD33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}, {"lang": "es", "value": "Los productos Command View Advanced Edition (CVAE) contienen una vulnerabilidad que podr\u00eda exponer la informaci\u00f3n de configuraci\u00f3n de hosts y sistemas de almacenamiento administrados mediante el servidor Device Manager. Este problema es debido a una vulnerabilidad en la GUI del Administrador de Dispositivos. Los siguientes productos est\u00e1n afectados. DevMgr versiones 7.0.0-00 y anteriores a 8.6.1-02, RepMgr si est\u00e1 instalado en el mismo equipo que DevMgr, TSMgr si est\u00e1 instalado en el mismo equipo que DevMgr. La resoluci\u00f3n es actualizar a versi\u00f3n corregida como se describe a continuaci\u00f3n o versi\u00f3n posterior de DevMgr 8.6.2-02 o posterior. RepMgr y TSMgr ser\u00e1n corregidos mediante la actualizaci\u00f3n de DevMgr."}], "id": "CVE-2019-5408", "lastModified": "2024-11-21T04:44:53.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-09T18:15:12.697", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}