8

CVE-2022-37928

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpeSf100 Firmware SwEditionltsr Version < 5.2.1.900
   HpeSf100 Version-
HpeSf100 Firmware Version5.3.0.0 SwEdition-
   HpeSf100 Version-
HpeSf300 Firmware SwEditionltsr Version < 5.2.1.900
   HpeSf300 Version-
HpeSf300 Firmware Version5.3.0.0 SwEdition-
   HpeSf300 Version-
HpeHf60c Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf60c Version-
HpeHf60c Firmware Version5.3.0.0 SwEdition-
   HpeHf60c Version-
HpeHf40c Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf40c Version-
HpeHf40c Firmware Version5.3.0.0 SwEdition-
   HpeHf40c Version-
HpeHf20 Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf20 Version-
HpeHf20 Firmware Version5.3.0.0 SwEdition-
   HpeHf20 Version-
HpeHf40 Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf40 Version-
HpeHf40 Firmware Version5.3.0.0 SwEdition-
   HpeHf40 Version-
HpeHf60 Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf60 Version-
HpeHf60 Firmware Version5.3.0.0 SwEdition-
   HpeHf60 Version-
HpeHf20h Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf20h Version-
HpeHf20h Firmware Version5.3.0.0 SwEdition-
   HpeHf20h Version-
HpeHf20c Firmware SwEditionltsr Version < 5.2.1.900
   HpeHf20c Version-
HpeHf20c Firmware Version5.3.0.0 SwEdition-
   HpeHf20c Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.422
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security-alert@hpe.com 8 2.1 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.