PT-2020-9229 · Hewlett Packard · Hpe Simplivity 380 Gen10 H +7

Published: 2020-01-03 · Updated: 2020-01-21 · CVE-2019-11993

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HPE SimpliVity 380 Gen 9 versions prior to 3.7.10
HPE SimpliVity 380 Gen 10 versions prior to 3.7.10
HPE SimpliVity 380 Gen 10 G versions prior to 3.7.10
HPE SimpliVity 2600 Gen 10 versions prior to 3.7.10
SimpliVity OmniCube versions prior to 3.7.10
SimpliVity OmniStack for Cisco versions prior to 3.7.10
SimpliVity OmniStack for Lenovo versions prior to 3.7.10
SimpliVity OmniStack for Dell versions prior to 3.7.10
HPE OmniStack versions prior to 3.7.10

Description

A security issue has been identified in certain HPE products, where two deprecated APIs, accessible over the management network, can be used to create or delete arbitrary files on the nodes without requiring user authentication. This results in remote availability and integrity vulnerabilities.

Recommendations

For HPE SimpliVity 380 Gen 9, upgrade the OmniStack software to version 3.7.10 or later.
For HPE SimpliVity 380 Gen 10, upgrade the OmniStack software to version 3.7.10 or later.
For HPE SimpliVity 380 Gen 10 G, upgrade the OmniStack software to version 3.7.10 or later.
For HPE SimpliVity 2600 Gen 10, upgrade the OmniStack software to version 3.7.10 or later.
For SimpliVity OmniCube, upgrade the OmniStack software to version 3.7.10 or later.
For SimpliVity OmniStack for Cisco, upgrade the OmniStack software to version 3.7.10 or later.
For SimpliVity OmniStack for Lenovo, upgrade the OmniStack software to version 3.7.10 or later.
For SimpliVity OmniStack for Dell, upgrade the OmniStack software to version 3.7.10 or later.
For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, implement the Temporary Workaround provided by HPE.

Fix

Related Identifiers

CVE-2019-11993

Affected Products

Hpe Omnistack
Hpe Simplivity 2600 Gen 10
Hpe Simplivity 380 Gen10 H
Hpe Simplivity 380 Gen9
Simplivity Omnicube
Simplivity Omnistack For Cisco
Simplivity Omnistack For Dell
Simplivity Omnistack For Lenovo