Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-28618

Опубликовано: 20 мая 2022
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия до 5.0.10.100 (исключая)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 5.1.0.0 (включая) до 5.2.1.500 (исключая)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 5.3.0.0 (включая) до 6.0.0.100 (исключая)

Одно из

cpe:2.3:h:hpe:nimble_storage_all_flash_arrays:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_hybrid_flash_arrays:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_secondary_flash_arrays:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.03023
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

github логотип

GHSA-xvr4-pc95-4727

CVSS3: 9.8
github
больше 3 лет назад

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.

EPSS

Процентиль: 86%
0.03023
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77