CVE-2020-24624 – Hewlett Packard Enterprise Pay per use UCS Meter DownloadServlet execute Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24624
Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Pay per use UCS Meter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-7205
https://notcve.org/view.php?id=CVE-2020-7205
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information available to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE has provided the latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit, which include the GRUB2 patch to resolve this vulnerability.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04020en_us
CVE-2020-7138
https://notcve.org/view.php?id=CVE-2020-7138
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us
CVE-2020-7139
https://notcve.org/view.php?id=CVE-2020-7139
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us
CVE-2020-7137
https://notcve.org/view.php?id=CVE-2020-7137
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue.
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04004en_us
• CWE-20: Improper Input Validation