2 matches found
CVE-2019-11994
The CVE-2019-11994 issue affects HPE SimpliVity products (380 Gen 9/10, 380 Gen 10 G, 2600 Gen 10, OmniCube, OmniStack for Cisco/Lenovo/Dell). The root cause is an API that, during upgrade, does not properly prevent directory traversal, allowing unauthenticated remote execution of manifest files....
CVE-2019-11993
CVE-2019-11993 affects HPE SimpliVity 380 Gen 9/10, 380 Gen 10 G, 2600 Gen 10, OmniCube/OmniStack variants for Cisco/Lenovo/Dell. The root cause is two now-deprecated APIs that run with root privileges, accept a file name path, and can create or delete arbitrary files on the nodes. These APIs are...