PT-2018-17910 · Hewlett Packard · Hpe Device Entitlement Gateway

Published

2018-09-27

Updated

2018-11-21

CVE-2018-7107

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Device Entitlement Gateway versions 3.2.4 through 3.3.1

Description A potential security issue has been identified that could be remotely exploited, allowing local SQL injection and elevation of privilege.

Recommendations For versions 3.2.4 through 3.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-7107

Affected Products

Hpe Device Entitlement Gateway

PT-2018-17910 · Hewlett Packard · Hpe Device Entitlement Gateway

CVE-2018-7107

Weakness Enumeration

Related Identifiers

Affected Products

References · 3