Lucene search

[email protected]CVE-2022-28624

HistoryJul 08, 2022 - 1:15 p.m.

CVE-2022-28624

2022-07-0813:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-28624

hpe

flexnetwork

flexfabric

xss

security vulnerability

software updates

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.4%

JSON

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.

CPENameOperatorVersion
hpe:flexnetwork_5130_ei_firmwarehpe flexnetwork 5130 ei firmwareeq7.10.r3507p02
hpe:flexfabric_5945_firmwarehpe flexfabric 5945 firmwareeq7.10.r6635

CPE	Name	Operator	Version
hpe:flexnetwork_5130_ei_firmware	hpe flexnetwork 5130 ei firmware	eq	7.10.r3507p02
hpe:flexfabric_5945_firmware	hpe flexfabric 5945 firmware	eq	7.10.r6635

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04265en_us

Social References

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.4%

JSON

Related for CVE-2022-28624

cvelist1 prion1