CVE-2020-7139

EUVD-2020-28273
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
hpenimbleos
3.1.0.0 ≤
𝑥
≤ 3.9.3.0
hpenimbleos
4.1.0.0 ≤
𝑥
≤ 4.5.6.0
hpenimbleos
5.0.1.0 ≤
𝑥
≤ 5.0.9.0
hpenimbleos
5.1.0.0 ≤
𝑥
≤ 5.1.4.100
𝑥
= Vulnerable software versions
References
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us