CVE-2019-5408 - OpenCVE

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Xp7 Tiered Storage Manager Xp7 Replication Manager Xp7 Device Manager

Configuration 1 [-]

OR	cpe:2.3:a:hp:xp7_device_manager::::::::
	cpe:2.3:a:hp:xp7_replication_manager:-:::::::*
	cpe:2.3:a:hp:xp7_tiered_storage_manager:-:::::::*

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2019-08-09T17:49:26

Updated: 2019-08-09T17:49:26

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5408

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-08-09T18:15:12.697

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5408

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "HP XP7 CVAE", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "earlier than 8.6.2-02"}]}], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}], "problemTypes": [{"descriptions": [{"description": "remote access restriction bypass; remote access restriction bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-09T17:49:26", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-5408", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP XP7 CVAE", "version": {"version_data": [{"version_value": "earlier than 8.6.2-02"}]}}]}, "vendor_name": "Hewlett Packard Enterprise (HPE)"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote access restriction bypass; remote access restriction bypass"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-5408", "datePublished": "2019-08-09T17:49:26", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-08-09T17:49:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:xp7_device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4D741-993D-4FE0-8015-B65D2181EEA3", "versionEndExcluding": "8.6.1-02", "versionStartIncluding": "7.0.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_replication_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF97AE2C-15F0-4F69-A836-EB12DFE0947F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_tiered_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C074B066-8E86-4D42-AF1A-37F88F72FD33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}, {"lang": "es", "value": "Los productos Command View Advanced Edition (CVAE) contienen una vulnerabilidad que podr\u00eda exponer la informaci\u00f3n de configuraci\u00f3n de hosts y sistemas de almacenamiento administrados mediante el servidor Device Manager. Este problema es debido a una vulnerabilidad en la GUI del Administrador de Dispositivos. Los siguientes productos est\u00e1n afectados. DevMgr versiones 7.0.0-00 y anteriores a 8.6.1-02, RepMgr si est\u00e1 instalado en el mismo equipo que DevMgr, TSMgr si est\u00e1 instalado en el mismo equipo que DevMgr. La resoluci\u00f3n es actualizar a versi\u00f3n corregida como se describe a continuaci\u00f3n o versi\u00f3n posterior de DevMgr 8.6.2-02 o posterior. RepMgr y TSMgr ser\u00e1n corregidos mediante la actualizaci\u00f3n de DevMgr."}], "id": "CVE-2019-5408", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-09T18:15:12.697", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}