CVE-2022-28624

{"id": "CVE-2022-28624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2022-07-08T13:15:08.193", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en algunos productos switch HPE FlexNetwork y FlexFabric. La vulnerabilidad podr\u00eda ser explotada remotamente para permitir un ataque de tipo cross site scripting (XSS). HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad. HPE FlexNetwork versi\u00f3n 5130EL_7.10.R3507P02 y HPE FlexFabric versi\u00f3n 5945_7.10.R6635"}], "lastModified": "2022-07-16T00:05:10.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:flexnetwork_5130_ei_firmware:7.10.r3507p02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54654BA2-53DE-4CA9-8B59-3732ADB75663"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:flexnetwork_5130_ei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40CC9302-1EDD-4348-A341-4BEB6A0D6AFD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:flexfabric_5945_firmware:7.10.r6635:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C961B785-2163-456B-9367-50EED04B8627"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:flexfabric_5945:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1FE27AB-09AB-4287-9CFE-C490200454F5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}