VAR-201810-1151
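Vulnerability from variot - Updated: 2024-11-23 22:38

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. A remote attacker could use this vulnerability to change other user information. The following versions are affected: HPE UIoT 1.5 version, 1.4.0 version, 1.4.1 version, 1.4.2 version, 1.2.4.2 version. HP UIoT is prone to an unauthorized-access vulnerability. Successful exploits may allow an attacker to obtain sensitive information or gain unauthorized administrative access. This may aid in further attacks.

Note: this description concatenates text from several source databases. The CVSS vectors in the record below (AV:N/AC:L/Au:N/C:N/I:P/A:N and CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) rate this as an unauthenticated, network-reachable integrity issue with no confidentiality impact. The closing sentences about information disclosure and administrative access are therefore not reflected in the scoring, and should be checked against the vendor advisory (hpesbhf03891en_us) before being used for triage.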
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1151",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.0"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.2"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.5"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.1"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.2.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.2.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.0"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.1"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.5"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.5"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.0"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.1"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.2.4.2"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.0"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.5"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.2.4.2"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.1"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4.1"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.5"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2.4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "BID",
"id": "105704"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:universal_internet_of_things",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "BID",
"id": "105704"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7111",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7111",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-24254",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7111",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7111",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7111",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-24254",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1017",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. A remote attacker could use this vulnerability to change other user information. The following versions are affected: HPE UIoT 1.5 version, 1.4.0 version, 1.4.1 version, 1.4.2 version, 1.2.4.2 version. HP UIoT is prone to an unauthorized-access vulnerability. \nSuccessful exploits may allow an attacker to obtain sensitive information or gain unauthorized administrative access. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7111"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "BID",
"id": "105704"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7111",
"trust": 3.3
},
{
"db": "BID",
"id": "105704",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-24254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "BID",
"id": "105704"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"id": "VAR-201810-1151",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
}
]
},
"last_update_date": "2024-11-23T22:38:02.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hpesbhf03891en_us",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03891en_us"
},
{
"title": "Patch for HPE UIoT Unauthorized Access Vulnerability Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/171523"
},
{
"title": "HPE UIoT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86082"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03891en_us"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105704"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151691"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7111"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7111"
},
{
"trust": 0.3,
"url": "http://www.hp.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "BID",
"id": "105704"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"db": "BID",
"id": "105704"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"date": "2018-10-15T00:00:00",
"db": "BID",
"id": "105704"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"date": "2018-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"date": "2018-10-17T13:29:00.723000",
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24254"
},
{
"date": "2018-10-15T00:00:00",
"db": "BID",
"id": "105704"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013632"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1017"
},
{
"date": "2024-11-21T04:11:39.657000",
"db": "NVD",
"id": "CVE-2018-7111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE UIoT Vulnerabilities in authorization, authority and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013632"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1017"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.