CVE-2018-7069 - OpenCVE

HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Centralview Fraud Risk Management

Configuration 1 [-]

cpe:2.3:a:hp:centralview_fraud_risk_management:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-08-06T20:00:00

Updated: 2024-08-05T06:17:17.341Z

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7069

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-06T20:29:01.837

Modified: 2018-10-10T20:23:30.787

Link: CVE-2018-7069

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HPE CentralView Fraud Risk Management", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "earlier than version CV 6.1"}]}], "datePublic": "2018-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version."}], "problemTypes": [{"descriptions": [{"description": "remote unathenticated access to files", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-13T19:57:01", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2018-7069", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE CentralView Fraud Risk Management", "version": {"version_data": [{"version_value": "earlier than version CV 6.1"}]}}]}, "vendor_name": "Hewlett Packard Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote unathenticated access to files"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:17:17.341Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2018-7069", "datePublished": "2018-08-06T20:00:00", "dateReserved": "2018-02-15T00:00:00", "dateUpdated": "2024-08-05T06:17:17.341Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:centralview_fraud_risk_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "A24BD336-3D72-4B75-8BC1-C50541168CFD", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version."}, {"lang": "es", "value": "HPE ha identificado una vulnerabilidad de acceso a archivos no autenticado remota en HPE CentralView Fraud Risk Management en versiones anteriores a la CV 6.1. El problema se ha resuelto en HF16 para HPE CV 6.1 o posteriores."}], "id": "CVE-2018-7069", "lastModified": "2018-10-10T20:23:30.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-06T20:29:01.837", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}