CVE-2022-37939 - OpenCVE

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hpe	Superdome Flex Server Firmware Superdome Flex 280 Server Superdome Flex 280 Server Firmware Superdome Flex Server

Configuration 1 [-]

AND

cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-03-08T20:48:26.082Z

Updated: 2023-03-10T20:04:40.537099Z

Reserved: 2022-08-08T18:49:44.388Z

Link: CVE-2022-37939

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-10T21:15:12.303

Modified: 2023-11-07T03:49:57.090

Link: CVE-2022-37939

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-37939", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2022-08-08T18:49:44.388Z", "datePublished": "2023-03-08T20:48:26.082Z", "dateUpdated": "2023-03-10T20:04:40.537099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "unaffected", "version": "Prior to Superdome Flex 3.65.8; Prior to Superdome Flex 280 1.45.8"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.</p>"}], "value": "A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-03-10T20:04:40.537099Z"}, "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "cveClient/1.0.13"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE972518-A726-44E3-9AF5-8730EA4E377F", "versionEndExcluding": "1.45.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "72361B1C-8CC6-4398-8076-D2A52E13A97A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23A35AD7-C115-41CC-B60D-E30B7406BE4B", "versionEndExcluding": "3.65.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B3DA6F-91D3-4C17-A34B-6AA6B9642B3F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.\n\n"}], "id": "CVE-2022-37939", "lastModified": "2023-11-07T03:49:57.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-03-10T21:15:12.303", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}