CVE-2020-7138

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:hpe:nimble_storage_af20_all_flash_array:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af20q_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af40_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af60_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af80_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs3000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs5000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs7000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_secondary_flash_arrays:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
References () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us - Vendor Advisory () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us - Vendor Advisory

Information

Published : 2020-05-19 23:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-7138

Mitre link : CVE-2020-7138

CVE.ORG link : CVE-2020-7138


JSON object : View

Products Affected

hpe

  • nimble_storage_cs7000
  • nimble_storage_af20_all_flash_array
  • nimbleos
  • nimble_storage_af80_all_flash_dual_controller
  • nimble_storage_cs5000
  • nimble_storage_secondary_flash_arrays
  • nimble_storage_af20q_all_flash_dual_controller
  • nimble_storage_af40_all_flash_dual_controller
  • nimble_storage_cs3000
  • nimble_storage_af60_all_flash_dual_controller