CVE-2018-7111

EUVD-2018-18854
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
hpuniversal_internet_of_things
1.2.4.2
hpuniversal_internet_of_things
1.4.0
hpuniversal_internet_of_things
1.4.1
hpuniversal_internet_of_things
1.4.2
hpuniversal_internet_of_things
1.5
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105704
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03891en_us
https://exchange.xforce.ibmcloud.com/vulnerabilities/151691
http://www.securityfocus.com/bid/105704
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03891en_us