Search
Find a vulnerability
Search criteria
12 vulnerabilities found for nimbleos by hpe
CVE-2022-28618 (GCVE-0-2022-28618)
Vulnerability from nvd – Published: 2022-05-20 20:50 – Updated: 2024-08-03 05:56
VLAI
Summary
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
Severity
No CVSS data available.
CWE
- remote arbitrary code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.0.10.0 and earlier
Affected: 5.2.1.400 and earlier Affected: and 5.3.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0.10.0 and earlier"
},
{
"status": "affected",
"version": "5.2.1.400 and earlier"
},
{
"status": "affected",
"version": "and 5.3.1.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:50:19.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.2.1.400 and earlier"
},
{
"version_value": "and 5.3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28618",
"datePublished": "2022-05-20T20:50:19.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:56:16.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23705 (GCVE-0-2022-23705)
Vulnerability from nvd – Published: 2022-05-09 20:20 – Updated: 2024-08-03 03:51
VLAI
Summary
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
Severity
No CVSS data available.
CWE
- remote bypass security restrictions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.0.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote bypass security restrictions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T20:20:57.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.0.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote bypass security restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23705",
"datePublished": "2022-05-09T20:20:57.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:45.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23703 (GCVE-0-2022-23703)
Vulnerability from nvd – Published: 2022-04-12 16:11 – Updated: 2024-08-03 03:51
VLAI
Summary
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
Severity
No CVSS data available.
CWE
- remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T16:11:37.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23703",
"datePublished": "2022-04-12T16:11:37.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:46.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7139 (GCVE-0-2020-7139)
Vulnerability from nvd – Published: 2020-05-19 22:07 – Updated: 2024-08-04 09:18
VLAI
Summary
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Severity
No CVSS data available.
CWE
- remote unauthorized access to sensitive information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized access to sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T22:07:42.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access to sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7139",
"datePublished": "2020-05-19T22:07:42.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7138 (GCVE-0-2020-7138)
Vulnerability from nvd – Published: 2020-05-19 22:11 – Updated: 2024-08-04 09:18
VLAI
Summary
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Severity
No CVSS data available.
CWE
- remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T22:11:33.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7138",
"datePublished": "2020-05-19T22:11:33.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11996 (GCVE-0-2019-11996)
Vulnerability from nvd – Published: 2019-11-07 18:23 – Updated: 2024-08-04 23:10
VLAI
Summary
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
Severity
No CVSS data available.
CWE
- remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:09:20.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-11996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-11996",
"datePublished": "2019-11-07T18:23:20.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28618 (GCVE-0-2022-28618)
Vulnerability from cvelistv5 – Published: 2022-05-20 20:50 – Updated: 2024-08-03 05:56
VLAI
Summary
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
Severity
No CVSS data available.
CWE
- remote arbitrary code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.0.10.0 and earlier
Affected: 5.2.1.400 and earlier Affected: and 5.3.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0.10.0 and earlier"
},
{
"status": "affected",
"version": "5.2.1.400 and earlier"
},
{
"status": "affected",
"version": "and 5.3.1.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:50:19.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.2.1.400 and earlier"
},
{
"version_value": "and 5.3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04276en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28618",
"datePublished": "2022-05-20T20:50:19.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:56:16.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23705 (GCVE-0-2022-23705)
Vulnerability from cvelistv5 – Published: 2022-05-09 20:20 – Updated: 2024-08-03 03:51
VLAI
Summary
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
Severity
No CVSS data available.
CWE
- remote bypass security restrictions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.0.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote bypass security restrictions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T20:20:57.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.0.10.0 and earlier"
},
{
"version_value": "5.0.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote bypass security restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04273en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23705",
"datePublished": "2022-05-09T20:20:57.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:45.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23703 (GCVE-0-2022-23703)
Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2024-08-03 03:51
VLAI
Summary
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
Severity
No CVSS data available.
CWE
- remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T16:11:37.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04268en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23703",
"datePublished": "2022-04-12T16:11:37.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:46.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7138 (GCVE-0-2020-7138)
Vulnerability from cvelistv5 – Published: 2020-05-19 22:11 – Updated: 2024-08-04 09:18
VLAI
Summary
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Severity
No CVSS data available.
CWE
- remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T22:11:33.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03992en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7138",
"datePublished": "2020-05-19T22:11:33.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7139 (GCVE-0-2020-7139)
Vulnerability from cvelistv5 – Published: 2020-05-19 22:07 – Updated: 2024-08-04 09:18
VLAI
Summary
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Severity
No CVSS data available.
CWE
- remote unauthorized access to sensitive information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthorized access to sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T22:07:42.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
},
{
"version_value": "3.9.2.0 and older, 4.5.5.0 and older, 5.0.8.0 and older, 5.1.4.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access to sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03991en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7139",
"datePublished": "2020-05-19T22:07:42.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11996 (GCVE-0-2019-11996)
Vulnerability from cvelistv5 – Published: 2019-11-07 18:23 – Updated: 2024-08-04 23:10
VLAI
Summary
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
Severity
No CVSS data available.
CWE
- remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays |
Affected:
5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:09:20.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2019-11996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
"version": {
"version_data": [
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
},
{
"version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03964en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2019-11996",
"datePublished": "2019-11-07T18:23:20.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}