CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:49

Type	Values Removed	Values Added
Summary	A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.	A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.

Information

Published : 2023-03-10 21:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-37939

Mitre link : CVE-2022-37939

CVE.ORG link : CVE-2022-37939

JSON object : View

Products Affected

hpe

superdome_flex_280_server
superdome_flex_server
superdome_flex_server_firmware
superdome_flex_280_server_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-37939", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2023-03-10T21:15:12.303", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.\n\n"}], "lastModified": "2023-11-07T03:49:57.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE972518-A726-44E3-9AF5-8730EA4E377F", "versionEndExcluding": "1.45.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72361B1C-8CC6-4398-8076-D2A52E13A97A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23A35AD7-C115-41CC-B60D-E30B7406BE4B", "versionEndExcluding": "3.65.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74B3DA6F-91D3-4C17-A34B-6AA6B9642B3F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}