CVE-2019-5394 - OpenCVE

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity High

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:L/AC:H/Au:M/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Blade Maintenance Entity Integrated Maintenance Entity Maintenance Entity

Configuration 1 [-]

OR	cpe:2.3:a:hp:blade_maintenance_entity::::::::
	cpe:2.3:a:hp:integrated_maintenance_entity::::::::
	cpe:2.3:a:hp:maintenance_entity::::::::

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2019-06-05T17:46:14

Updated: 2024-08-04T19:54:53.314Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5394

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-05T18:29:01.137

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5394

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HPE NonStop Maintanence Entity", "vendor": "n/a", "versions": [{"status": "affected", "version": "Integrated Maintenance Entity T1805 T1805A01 through T1805A01^AAG and Maintenance Entity T2805 T2805A01 through T2805A01^AAT and Blade Maintenance Entity FW T4805 T4805A01 through T4805A01^AAX"}]}], "datePublic": "2019-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration."}], "problemTypes": [{"descriptions": [{"description": "Local Disclosure of Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-05T17:46:14", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-5394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE NonStop Maintanence Entity", "version": {"version_data": [{"version_value": "Integrated Maintenance Entity T1805 T1805A01 through T1805A01^AAG and Maintenance Entity T2805 T2805A01 through T2805A01^AAT and Blade Maintenance Entity FW T4805 T4805A01 through T4805A01^AAX"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Disclosure of Information"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-5394", "datePublished": "2019-06-05T17:46:14", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:blade_maintenance_entity:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9733837-47A3-4D07-AAED-1ADB522D96CE", "versionEndIncluding": "t4805a01\\^aax", "versionStartIncluding": "t4805a01", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:integrated_maintenance_entity:*:*:*:*:*:*:*:*", "matchCriteriaId": "82578489-79EA-455A-BAA4-9DF3B2E5CAF7", "versionEndIncluding": "t1805a01\\^aag", "versionStartIncluding": "t1805a01", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:maintenance_entity:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E1B281-6279-4EA6-B085-A2A397E47269", "versionEndIncluding": "t2805a01\\^aat", "versionStartIncluding": "t2805a01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration."}, {"lang": "es", "value": "La familia de productos HPE Nonstop Maintenance Entity es vulnerable a la divulgaci\u00f3n de informaci\u00f3n local, tales como el dise\u00f1o y la configuraci\u00f3n del sistema."}], "id": "CVE-2019-5394", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:M/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 1.2, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 0.3, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-05T18:29:01.137", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}