VAR-201907-0584
Vulnerability from variot - Updated: 2024-11-23 21:52Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. HPE UIoT Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.
There are security holes in HPE UIoT. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. The following products and versions are affected: HPE UIoT Version 1.6, Version 1.5, Version 1.4.2, Version 1.4.1, Version 1.4.0, Version 1.2.4.2. HP UIoT is prone to an unauthorized-access vulnerability. HP UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.0"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.2"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.5"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.6"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.1"
},
{
"model": "universal internet of things",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.2.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.2.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.0"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.1"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.2"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.5"
},
{
"model": "hpe uiot",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.6"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.5"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.0"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.1"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.2.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.6,
"vendor": "hpe",
"version": "1.6"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4.1"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.6"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.5"
},
{
"model": "uiot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2.4.2"
},
{
"model": "uiot rp603",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.6"
},
{
"model": "uiot rp503 hf3",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "BID",
"id": "109353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:universal_internet_of_things",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "109353"
}
],
"trust": 0.3
},
"cve": "CVE-2019-11990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-11990",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-24255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11990",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-11990",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-24255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1140",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. HPE UIoT Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n\r\n\r\nThere are security holes in HPE UIoT. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. The following products and versions are affected: HPE UIoT Version 1.6, Version 1.5, Version 1.4.2, Version 1.4.1, Version 1.4.0, Version 1.2.4.2. HP UIoT is prone to an unauthorized-access vulnerability. \nHP UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11990"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"db": "BID",
"id": "109353"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11990",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-24255",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140",
"trust": 0.6
},
{
"db": "BID",
"id": "109353",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "BID",
"id": "109353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"id": "VAR-201907-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
}
]
},
"last_update_date": "2024-11-23T21:52:07.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hpesbhf03937en_us",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03937en_us"
},
{
"title": "Patch for HPE UIoT Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/171247"
},
{
"title": "HPE UIoT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95137"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11990"
},
{
"trust": 1.9,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03937en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11990"
},
{
"trust": 0.3,
"url": "http://www.hp.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "BID",
"id": "109353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"db": "BID",
"id": "109353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"date": "2019-07-05T00:00:00",
"db": "BID",
"id": "109353"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"date": "2019-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"date": "2019-07-19T22:15:11.480000",
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24255"
},
{
"date": "2019-07-05T00:00:00",
"db": "BID",
"id": "109353"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006721"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1140"
},
{
"date": "2024-11-21T04:22:07.143000",
"db": "NVD",
"id": "CVE-2019-11990"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE UIoT Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1140"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…