Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28624

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.

Published

2022-07-08T13:15:08.193

Last Modified

2024-11-21T06:57:36.227

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hpe	flexnetwork_5130_ei_firmware	7.10.r3507p02	Yes
Hardware	hpe	flexnetwork_5130_ei	-	No
Operating System	hpe	flexfabric_5945_firmware	7.10.r6635	Yes
Hardware	hpe	flexfabric_5945	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)