{"containers": {"cna": {"affected": [{"product": "HPE 3PAR StoreServ Management and Core Software Media", "vendor": "n/a", "versions": [{"status": "affected", "version": "prior to 3.7.0.0"}]}], "descriptions": [{"lang": "en", "value": "SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later."}], "problemTypes": [{"descriptions": [{"description": "remote authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-26T15:09:19", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-7197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE 3PAR StoreServ Management and Core Software Media", "version": {"version_data": [{"version_value": "prior to 3.7.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote authentication bypass"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us", "refsource": "MISC", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:25:48.146Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-7197", "datePublished": "2020-10-26T15:09:19", "dateReserved": "2020-01-16T00:00:00", "dateUpdated": "2024-08-04T09:25:48.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:storeserv_management_console:*:*:*:*:*:*:*:*", "matchCriteriaId": "4153DA60-0C6A-4FEC-ABA0-BD0A32230530", "versionEndExcluding": "3.7.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later."}, {"lang": "es", "value": "SSMC3.7.0.0 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n remota. HPE StoreServ Management Console (SSMC) versi\u00f3n 3.7.0.0, es una aplicaci\u00f3n web de administrador de m\u00faltiples matrices fuera del nodo y permanece aislada de los datos en las matrices administradas. HPE ha proporcionado una actualizaci\u00f3n del software HPE StoreServ Management Console (SSMC) versi\u00f3n 3.7.0.0* Actualizado a HPE 3PAR StoreServ Management Console versi\u00f3n 3.7.1.1 o posteriores"}], "id": "CVE-2020-7197", "lastModified": "2024-11-21T05:36:48.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-26T16:15:14.173", "references": [{"source": "security-alert@hpe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04045en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}