CVE-2022-37933

{"id": "CVE-2022-37933", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-01-05T07:15:09.997", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below.\n\n"}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex y Superdome Flex 280. La vulnerabilidad podr\u00eda explotarse para permitir la inyecci\u00f3n local de datos no autorizados. HPE ha realizado las siguientes actualizaciones de software para resolver la vulnerabilidad en el firmware 3.60.50 e inferior de HPE Superdome Flex y en el firmware 1.40.60 e inferior de los servidores Superdome Flex 280."}], "lastModified": "2024-11-21T07:15:24.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_280_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39095A62-D90B-427B-84D6-74CCD20E024A", "versionEndExcluding": "1.40.60"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex_280:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F53FBDD9-3730-40BC-AF98-A5E89EC9FA18"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21B960C7-35E5-4D54-82CC-BD9D4C6074E6", "versionEndExcluding": "3.60.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CCD5CF2-7FF2-4BBA-96B1-6E8F45F8A7D8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}