CVE-2019-5408 - OpenCVE

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Xp7 Device Manager Xp7 Replication Manager Xp7 Tiered Storage Manager

Configuration 1 [-]

OR	cpe:2.3:a:hp:xp7_device_manager::::::::
	cpe:2.3:a:hp:xp7_replication_manager:-:::::::*
	cpe:2.3:a:hp:xp7_tiered_storage_manager:-:::::::*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2019-08-09T17:49:26

Updated: 2024-08-04T19:54:53.465Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5408

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-09T18:15:12.697

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5408

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HP XP7 CVAE", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "earlier than 8.6.2-02"}]}], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}], "problemTypes": [{"descriptions": [{"description": "remote access restriction bypass; remote access restriction bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-09T17:49:26", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-5408", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP XP7 CVAE", "version": {"version_data": [{"version_value": "earlier than 8.6.2-02"}]}}]}, "vendor_name": "Hewlett Packard Enterprise (HPE)"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote access restriction bypass; remote access restriction bypass"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-5408", "datePublished": "2019-08-09T17:49:26", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:xp7_device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4D741-993D-4FE0-8015-B65D2181EEA3", "versionEndExcluding": "8.6.1-02", "versionStartIncluding": "7.0.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_replication_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF97AE2C-15F0-4F69-A836-EB12DFE0947F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:xp7_tiered_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C074B066-8E86-4D42-AF1A-37F88F72FD33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr."}, {"lang": "es", "value": "Los productos Command View Advanced Edition (CVAE) contienen una vulnerabilidad que podr\u00eda exponer la informaci\u00f3n de configuraci\u00f3n de hosts y sistemas de almacenamiento administrados mediante el servidor Device Manager. Este problema es debido a una vulnerabilidad en la GUI del Administrador de Dispositivos. Los siguientes productos est\u00e1n afectados. DevMgr versiones 7.0.0-00 y anteriores a 8.6.1-02, RepMgr si est\u00e1 instalado en el mismo equipo que DevMgr, TSMgr si est\u00e1 instalado en el mismo equipo que DevMgr. La resoluci\u00f3n es actualizar a versi\u00f3n corregida como se describe a continuaci\u00f3n o versi\u00f3n posterior de DevMgr 8.6.2-02 o posterior. RepMgr y TSMgr ser\u00e1n corregidos mediante la actualizaci\u00f3n de DevMgr."}], "id": "CVE-2019-5408", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-09T18:15:12.697", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}