CVE-2023-50271 - OpenCVE

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hp	System Management Homepage Hp-ux

Configuration 1 [-]

AND

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-12-17T14:49:53.516Z

Updated: 2023-12-17T14:49:53.516Z

Reserved: 2023-12-06T14:22:26.839Z

Link: CVE-2023-50271

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-17T15:15:07.173

Modified: 2023-12-21T20:14:31.063

Link: CVE-2023-50271

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50271", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-12-06T14:22:26.839Z", "datePublished": "2023-12-17T14:49:53.516Z", "dateUpdated": "2023-12-17T14:49:53.516Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "SMH", "platforms": ["HP-UX"], "product": "HPE System Management Homepage (SMH)", "vendor": "HPE", "versions": [{"status": "affected", "version": "Prior to HPE SMH ver.A.3.2.23.09"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.</span>\n\n"}], "value": "\nA potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.\n\n"}], "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-12-17T14:49:53.516Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us"}], "source": {"discovery": "UNKNOWN"}, "title": "HP-UX System Management Homepage, Disclosure of Information", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE4DE6A2-D162-4F87-B792-C5CA3003EEE0", "versionEndExcluding": "a.3.2.23.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.\n\n"}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP-UX System Management Homepage (SMH). Esta vulnerabilidad podr\u00eda explotarse local o remotamente para revelar informaci\u00f3n."}], "id": "CVE-2023-50271", "lastModified": "2023-12-21T20:14:31.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-12-17T15:15:07.173", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-alert@hpe.com", "type": "Secondary"}]}