CVE-2021-26579 - OpenCVE

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hpe	Unified Data Management

Configuration 1 [-]

OR	cpe:2.3:a:hpe:unified_data_management:1.2009.0:::::::*
	cpe:2.3:a:hpe:unified_data_management:1.2101.0:::::::*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-03-30T17:27:11

Updated: 2024-08-03T20:26:25.534Z

Reserved: 2021-02-02T00:00:00

Link: CVE-2021-26579

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-30T18:15:15.967

Modified: 2022-05-03T16:04:40.443

Link: CVE-2021-26579

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HPE Unified Data Management (UDM)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions 1.2009.0 and 1.2101.0"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys."}], "problemTypes": [{"descriptions": [{"description": "local disclosure of privileged information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-30T17:27:11", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-26579", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE Unified Data Management (UDM)", "version": {"version_data": [{"version_value": "Versions 1.2009.0 and 1.2101.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "local disclosure of privileged information"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us", "refsource": "MISC", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:26:25.534Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-26579", "datePublished": "2021-03-30T17:27:11", "dateReserved": "2021-02-02T00:00:00", "dateUpdated": "2024-08-03T20:26:25.534Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hpe:unified_data_management:1.2009.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C8803C9-13D2-4330-99BC-C29CFF1FF3E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hpe:unified_data_management:1.2101.0:*:*:*:*:*:*:*", "matchCriteriaId": "F71C0E81-CE2F-469F-9CCC-9A6E45B8976E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad en HPE Unified Data Management (UDM), podr\u00eda permitir la divulgaci\u00f3n local de informaci\u00f3n privilegiada (CWE-321: Uso de clave criptogr\u00e1fica enviada en un producto). HPE ha proporcionado actualizaciones a las versiones 1.2009.0 y 1.2101.0 de HPE Unified Data Management (UDM). La versi\u00f3n 1.2103.0 de HPE Unified Data Management (UDM) elimina todas las claves criptogr\u00e1ficas embebidas."}], "id": "CVE-2021-26579", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-30T18:15:15.967", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}