CVE-2022-37931 - Vulnerability Details - OpenCVE

Description

A vulnerability in NetBatch-Plus software allows unauthorized access to the application.

HPE has provided a workaround and fix. Please refer to HPE Security Bulletin

HPESBNS04388

for details.

Published: 2022-11-22

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HPE

NetBatch-Plus software

unaffected

Version	Status	Constraints
`T9189L01 - T9189L01^ABY`	affected	—
`T9189H01 – T9189H01^ABW`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:hp:nonstop_netbatch-plus::::::::
	cpe:2.3:a:hp:nonstop_netbatch-plus::::::::

No data.

No data available yet.

Remediation

Vendor Solution

Please refer to HPE Security Bulletin HPESBNS04388

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-40538	A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us

History

Fri, 25 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Hp Nonstop Netbatch-plus

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-11-22T04:39:30.511Z

Updated: 2025-04-25T20:32:36.732Z

Reserved: 2022-08-08T18:49:44.386Z

Link: CVE-2022-37931

Vulnrichment

Updated: 2024-08-03T10:37:42.567Z

NVD

Status : Modified

Published: 2022-11-22T05:15:11.153

Modified: 2024-11-21T07:15:24.493

Link: CVE-2022-37931

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-37931", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "dateReserved": "2022-08-08T18:49:44.386Z", "datePublished": "2022-11-22T04:39:30.511Z", "dateUpdated": "2025-04-25T20:32:36.732Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["HPE NonStop Server"], "product": "NetBatch-Plus software", "vendor": "HPE", "versions": [{"status": "affected", "version": "T9189L01 - T9189L01^ABY"}, {"status": "affected", "version": "T9189H01 \u2013 T9189H01^ABW"}]}], "datePublic": "2022-11-18T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application. \n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\nfor details.<br>"}], "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application.\u00a0\n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\nHPESBNS04388 \n\nfor details.\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2022-11-22T04:39:30.511Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\n"}], "value": "Please refer to HPE Security Bulletin\u00a0\n\nHPESBNS04388 \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:37:42.567Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T20:30:14.876474Z", "id": "CVE-2022-37931", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T20:32:36.732Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:37:42.567Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-37931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-25T20:30:14.876474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T20:31:45.878Z"}}], "cna": {"title": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HPE", "product": "NetBatch-Plus software", "versions": [{"status": "affected", "version": "T9189L01 - T9189L01^ABY"}, {"status": "affected", "version": "T9189H01 \u2013 T9189H01^ABW"}], "platforms": ["HPE NonStop Server"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please refer to HPE Security Bulletin\u00a0\n\nHPESBNS04388 \n\n", "supportingMedia": [{"type": "text/html", "value": "Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\n", "base64": false}]}], "datePublic": "2022-11-18T06:30:00.000Z", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application.\u00a0\n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\nHPESBNS04388 \n\nfor details.\n", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application. \n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\nfor details.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2022-11-22T04:39:30.511Z"}}}, "cveMetadata": {"cveId": "CVE-2022-37931", "state": "PUBLISHED", "dateUpdated": "2025-04-25T20:32:36.732Z", "dateReserved": "2022-08-08T18:49:44.386Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2022-11-22T04:39:30.511Z", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:nonstop_netbatch-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5092EAF-D62E-489B-8C2C-2590CBB356DD", "versionEndExcluding": "t9189h01\\^abw", "versionStartIncluding": "t9189h01", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:nonstop_netbatch-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "468AC7D6-1CF2-4376-95EC-AD468A05519B", "versionEndExcluding": "t9189l01\\^aby", "versionStartIncluding": "t9189l01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application.\u00a0\n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\nHPESBNS04388 \n\nfor details.\n"}, {"lang": "es", "value": "Una vulnerabilidad en el software NetBatch-Plus permite el acceso no autorizado a la aplicaci\u00f3n. HPE ha proporcionado un workaround. Consulte el bolet\u00edn de seguridad de HPE HPESBNS04388 para obtener m\u00e1s detalles."}], "id": "CVE-2022-37931", "lastModified": "2024-11-21T07:15:24.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-22T05:15:11.153", "references": [{"source": "security-alert@hpe.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-alert@hpe.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}