CVE-2022-28619

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us	Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hpe:control_repository_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:57

Type	Values Removed	Values Added
References	~~() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us - Vendor Advisory~~	() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us - Vendor Advisory

06 Jul 2022, 12:40

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8
CPE		cpe:2.3:a:hpe:control_repository_manager::::::::
References	~~(MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us -~~	(MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us - Vendor Advisory

24 Jun 2022, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-24 15:15

Updated : 2024-11-21 06:57

NVD link : CVE-2022-28619

Mitre link : CVE-2022-28619

CVE.ORG link : CVE-2022-28619

JSON object : View

Products Affected

hpe

control_repository_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-28619", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-06-24T15:15:10.257", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04310en_us", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el instalador de HPE Version Control Repository Manager. La vulnerabilidad podr\u00eda permitir una escalada local de privilegios. HPE ha realizado la siguiente actualizaci\u00f3n de software para resolver la vulnerabilidad en el instalador de HPE Version Control Repository Manager versi\u00f3n 7.6.14.0"}], "lastModified": "2024-11-21T06:57:35.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hpe:control_repository_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1CCBF5-81AB-4E80-9CC3-C7A7447E9761", "versionEndExcluding": "7.6.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}