CVE-2022-23702

EUVD-2022-28641
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
hpesuperdome_flex_server_firmware
𝑥
< 3.50.58
hpesuperdome_flex_280_server_firmware
𝑥
< 1.20.204
𝑥
= Vulnerable software versions
References
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04266en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04266en_us