{"containers": {"cna": {"affected": [{"product": "HP Z4 G4 Workstation (Xeon W)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.70"}]}, {"product": "HP Z4 G4 Workstation (Xeon W) (Linux)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.70"}]}, {"product": "HP Z4 G4 Core-X Workstation", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.70"}]}, {"product": "HP Z4 G4 Core-X Workstation (Linux)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.70"}]}, {"product": "HP Z6 G4 Workstation", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.71"}]}, {"product": "HP Z6 G4 Workstation (Linux)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.71"}]}, {"product": "HP Z8 G4 Workstation", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.71"}]}, {"product": "HP Z8 G4 Workstation (Linux)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before 1.71"}]}], "datePublic": "2019-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-29T19:55:14", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "HPSBHF03614", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://support.hp.com/us-en/document/c06318199"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2019-6321", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP Z4 G4 Workstation (Xeon W)", "version": {"version_data": [{"version_value": "before 1.70"}]}}, {"product_name": "HP Z4 G4 Workstation (Xeon W) (Linux)", "version": {"version_data": [{"version_value": "before 1.70"}]}}, {"product_name": "HP Z4 G4 Core-X Workstation", "version": {"version_data": [{"version_value": "before 1.70"}]}}, {"product_name": "HP Z4 G4 Core-X Workstation (Linux)", "version": {"version_data": [{"version_value": "before 1.70"}]}}, {"product_name": "HP Z6 G4 Workstation", "version": {"version_data": [{"version_value": "before 1.71"}]}}, {"product_name": "HP Z6 G4 Workstation (Linux)", "version": {"version_data": [{"version_value": "before 1.71"}]}}, {"product_name": "HP Z8 G4 Workstation", "version": {"version_data": [{"version_value": "before 1.71"}]}}, {"product_name": "HP Z8 G4 Workstation (Linux)", "version": {"version_data": [{"version_value": "before 1.71"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity"}]}]}, "references": {"reference_data": [{"name": "HPSBHF03614", "refsource": "HP", "url": "https://support.hp.com/us-en/document/c06318199"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.882Z"}, "title": "CVE Program Container", "references": [{"name": "HPSBHF03614", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://support.hp.com/us-en/document/c06318199"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2019-6321", "datePublished": "2019-05-29T19:55:14", "dateReserved": "2019-01-15T00:00:00", "dateUpdated": "2024-08-04T20:16:24.882Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D705A2F2-BDF8-4ACB-B682-E9EB26D5558F", "versionEndExcluding": "1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61D5EEEF-309C-4A67-9395-4D96B0D96859", "versionEndExcluding": "1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "A49133ED-9C3F-400D-972E-23FAB43B7B25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "71022F3C-5A46-467C-88EF-3B24B97F5516", "versionEndExcluding": "1.71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F06BE0-00B1-4216-B4ED-42837F3F1AD2", "versionEndExcluding": "1.71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "068354B9-5842-4014-A466-011FA1AA62B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:linux:*:*", "matchCriteriaId": "66FA358A-3EE5-4440-BB90-034051564C5B", "versionEndExcluding": "1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A5C7B2C1-5F0B-4AB5-B6DE-673B5ED5ED52", "versionEndExcluding": "1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "A49133ED-9C3F-400D-972E-23FAB43B7B25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C80EFB03-1270-49B1-AD2D-0F217AD2CD0E", "versionEndExcluding": "1.71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:linux:*:*", "matchCriteriaId": "421AD855-EE9B-4BA8-92B7-2A1AAD2E041F", "versionEndExcluding": "1.71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "068354B9-5842-4014-A466-011FA1AA62B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default."}, {"lang": "es", "value": "HP ha encontrado una vulnerabilidad de seguridad con algunas versiones de Workstation BIOS (UEFI Firmware), donde el tiempo de ejecuci\u00f3n del c\u00f3digo BIOS podr\u00eda ser manipulado si el TPM est\u00e1 deshabilitado. Esta vulnerabilidad esta relacionada con Workstatiosn cuyo TPM est\u00e1 deshabilitado por defecto."}], "id": "CVE-2019-6321", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-29T20:29:00.330", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/c06318199"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}