PT-2022-19106 · Hewlett Packard · Hpe Nimble Storage

Published

2022-05-20

Updated

2022-06-07

CVE-2022-28618

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Nimble Storage versions prior to 5.0.10.100 HPE Nimble Storage versions prior to 5.2.1.0 HPE Nimble Storage versions prior to 6.0.0.100

Description A command injection security issue has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays. This could allow an attacker to execute arbitrary commands on a Nimble appliance.

Recommendations For versions prior to 5.0.10.100, update to version 5.0.10.100 or later. For versions prior to 5.2.1.0, update to version 5.2.1.0 or later. For versions prior to 6.0.0.100, update to version 6.0.0.100 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2022-28618

Affected Products

Hpe Nimble Storage

PT-2022-19106 · Hewlett Packard · Hpe Nimble Storage

CVE-2022-28618

Weakness Enumeration

Related Identifiers

Affected Products

References · 4