CVE-2022-37931 - OpenCVE

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Nonstop Netbatch-plus

Configuration 1 [-]

OR	cpe:2.3:a:hp:nonstop_netbatch-plus::::::::
	cpe:2.3:a:hp:nonstop_netbatch-plus::::::::

No data.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-11-22T04:39:30.511Z

Updated: 2024-08-03T10:37:42.567Z

Reserved: 2022-08-08T18:49:44.386Z

Link: CVE-2022-37931

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-22T05:15:11.153

Modified: 2023-11-07T03:49:56.617

Link: CVE-2022-37931

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-37931", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14", "dateReserved": "2022-08-08T18:49:44.386Z", "datePublished": "2022-11-22T04:39:30.511Z", "dateUpdated": "2024-08-03T10:37:42.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["HPE NonStop Server"], "product": "NetBatch-Plus software", "vendor": "HPE", "versions": [{"status": "affected", "version": "T9189L01 - T9189L01^ABY"}, {"status": "affected", "version": "T9189H01 \u2013 T9189H01^ABW"}]}], "datePublic": "2022-11-18T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application. \n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\nfor details.<br>"}], "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application.\u00a0\n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\nHPESBNS04388 \n\nfor details.\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2022-11-22T04:39:30.511Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please refer to HPE Security Bulletin \n\n<span style=\"background-color: rgb(255, 255, 255);\">HPESBNS04388 </span>\n\n"}], "value": "Please refer to HPE Security Bulletin\u00a0\n\nHPESBNS04388 \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:37:42.567Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:nonstop_netbatch-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5092EAF-D62E-489B-8C2C-2590CBB356DD", "versionEndExcluding": "t9189h01\\^abw", "versionStartIncluding": "t9189h01", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:nonstop_netbatch-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "468AC7D6-1CF2-4376-95EC-AD468A05519B", "versionEndExcluding": "t9189l01\\^aby", "versionStartIncluding": "t9189l01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in NetBatch-Plus software allows unauthorized access to the application.\u00a0\n\nHPE has provided a workaround and fix. Please refer to HPE Security Bulletin \n\nHPESBNS04388 \n\nfor details.\n"}, {"lang": "es", "value": "Una vulnerabilidad en el software NetBatch-Plus permite el acceso no autorizado a la aplicaci\u00f3n. HPE ha proporcionado un workaround. Consulte el bolet\u00edn de seguridad de HPE HPESBNS04388 para obtener m\u00e1s detalles."}], "id": "CVE-2022-37931", "lastModified": "2023-11-07T03:49:56.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2022-11-22T05:15:11.153", "references": [{"source": "security-alert@hpe.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04388en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-alert@hpe.com", "type": "Secondary"}]}