Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24623

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).

Published

2020-09-18T17:15:12.783

Last Modified

2024-11-21T05:15:13.550

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hpe	universal_api_framework	< 2.5.2	Yes
Application	hpe	universal_api_framework	< 2.5.2	Yes

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04024en_us Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-20-1208/ Third Party Advisory, VDB Entry ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04024en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1208/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)