Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5408

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.

Published

2019-08-09T18:15:12.697

Last Modified

2024-11-21T04:44:53.130

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	xp7_device_manager	< 8.6.1-02	Yes
Application	hp	xp7_replication_manager	-	Yes
Application	hp	xp7_tiered_storage_manager	-	Yes

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)