Description
The HPE Edgeline Infrastructure Manager running on the remote host is affected by an authentication bypass vulnerability due to improper access control to private URLs. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP message, to reset the Administrator and root passwords. The attacker can then SSH to the remote host as root.
Related
{"id": "HPE_EIM_CVE-2020-7199.NBIN", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "HPE Edgeline Infrastructure Manager Authentication Bypass", "description": "The HPE Edgeline Infrastructure Manager running on the remote host Manager is affected by an authentication bypass vulnerability due to improper access control to private URLs. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP message, to reset the Administrator and root passwords. The attacker can then SSH to remote host as root.", "published": "2021-02-24T00:00:00", "modified": "2022-06-28T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/146806", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7199", "http://www.nessus.org/u?25a5dea8"], "cvelist": ["CVE-2020-7199"], "immutableFields": [], "lastseen": "2022-06-29T14:39:12", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-7199"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-7199"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444"]}]}, "exploitation": null, "vulnersScore": 6.2}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "146806", "sourceData": "Binary data hpe_eim_cve-2020-7199.nbin", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:hp:edgeline_infrastructure_manager"], "solution": "Upgrade to HPE Edgeline Infrastructure Manager version 1.21 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2020-7199", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-11-30T00:00:00", "vulnerabilityPublicationDate": "2020-11-30T00:00:00", "exploitableWith": []}
{"cve": [{"lastseen": "2022-03-23T18:52:26", "description": "A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-02T01:15:00", "type": "cve", "title": "CVE-2020-7199", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7199"], "modified": "2020-12-04T21:29:00", "cpe": [], "id": "CVE-2020-7199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7199", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}]}