Lucene search

[email protected]NVD:CVE-2020-24623

HistorySep 18, 2020 - 5:15 p.m.

CVE-2020-24623

2020-09-1817:15:12

CWE-89

[email protected]

web.nvd.nist.gov

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).

Affected configurations

NVD

Node

hpeuniversal_api_frameworkRange<2.5.2microsoft_hyper-v

hpeuniversal_api_frameworkRange<2.5.2vmware_esxi

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04024en_us

www.zerodayinitiative.com/advisories/ZDI-20-1208/

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for NVD:CVE-2020-24623

zdi1 prion1 cve1 cvelist1