CVE-2022-28624

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.

CVSS v3 4.8 MEDIUM
CVSS v2.0 3.5 LOW

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hpe:flexnetwork_5130_ei_firmware:7.10.r3507p02:*:*:*:*:*:*:*

cpe:2.3:h:hpe:flexnetwork_5130_ei:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hpe:flexfabric_5945_firmware:7.10.r6635:*:*:*:*:*:*:*

cpe:2.3:h:hpe:flexfabric_5945:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-08 13:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-28624

Mitre link : CVE-2022-28624

CVE.ORG link : CVE-2022-28624

JSON object : View

Products Affected

hpe

flexnetwork_5130_ei
flexnetwork_5130_ei_firmware
flexfabric_5945_firmware
flexfabric_5945

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-28624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2022-07-08T13:15:08.193", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en algunos productos switch HPE FlexNetwork y FlexFabric. La vulnerabilidad podr\u00eda ser explotada remotamente para permitir un ataque de tipo cross site scripting (XSS). HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad. HPE FlexNetwork versi\u00f3n 5130EL_7.10.R3507P02 y HPE FlexFabric versi\u00f3n 5945_7.10.R6635"}], "lastModified": "2022-07-16T00:05:10.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:flexnetwork_5130_ei_firmware:7.10.r3507p02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54654BA2-53DE-4CA9-8B59-3732ADB75663"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:flexnetwork_5130_ei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40CC9302-1EDD-4348-A341-4BEB6A0D6AFD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:flexfabric_5945_firmware:7.10.r6635:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C961B785-2163-456B-9367-50EED04B8627"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:flexfabric_5945:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1FE27AB-09AB-4287-9CFE-C490200454F5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}