CVE-2019-5394

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

CVSS v3 5.1 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Exploitability : 0.3 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:M/C:P/I:P/A:C

Exploitability : 1.2 / Impact : 8.5

Access Vector LOCAL

Access Complexity HIGH

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:blade_maintenance_entity::::::::
	cpe:2.3:a:hp:integrated_maintenance_entity::::::::
	cpe:2.3:a:hp:maintenance_entity::::::::

History

No history.

Information

Published : 2019-06-05 18:29

Updated : 2024-02-28 17:08

NVD link : CVE-2019-5394

Mitre link : CVE-2019-5394

CVE.ORG link : CVE-2019-5394

JSON object : View

Products Affected

hp

maintenance_entity
integrated_maintenance_entity
blade_maintenance_entity

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-5394", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:M/C:P/I:P/A:C", "authentication": "MULTIPLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.2, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 0.3}]}, "published": "2019-06-05T18:29:01.137", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03925en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration."}, {"lang": "es", "value": "La familia de productos HPE Nonstop Maintenance Entity es vulnerable a la divulgaci\u00f3n de informaci\u00f3n local, tales como el dise\u00f1o y la configuraci\u00f3n del sistema."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:blade_maintenance_entity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9733837-47A3-4D07-AAED-1ADB522D96CE", "versionEndIncluding": "t4805a01\\^aax", "versionStartIncluding": "t4805a01"}, {"criteria": "cpe:2.3:a:hp:integrated_maintenance_entity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82578489-79EA-455A-BAA4-9DF3B2E5CAF7", "versionEndIncluding": "t1805a01\\^aag", "versionStartIncluding": "t1805a01"}, {"criteria": "cpe:2.3:a:hp:maintenance_entity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E1B281-6279-4EA6-B085-A2A397E47269", "versionEndIncluding": "t2805a01\\^aat", "versionStartIncluding": "t2805a01"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}