CVE-2020-7132

{"id": "CVE-2020-7132", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-04-23T18:15:11.840", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03988en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03988en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows)."}, {"lang": "es", "value": "Ha sido identificado una posible vulnerabilidad de seguridad en HPE Onboard Administrator. La vulnerabilidad podr\u00eda ser explotada remotamente para permitir un ataque de tipo Cross Site Scripting Reflejado. HPE ha realizado las siguientes actualizaciones de software e informaci\u00f3n de mitigaci\u00f3n para resolver la vulnerabilidad en HPE Onboard Administrator. * OA versi\u00f3n 4.95 (Linux y Windows)."}], "lastModified": "2020-04-30T19:59:07.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:onboard_administrator:4.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A1F31C7-2B56-4491-B6C2-5590F5705F5E"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}