CVE-2022-37930

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:hpe:sf100_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:sf100_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:sf100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:hpe:sf300_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:sf300_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:sf300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:hpe:hf60c_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf60c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:hpe:hf40c_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf40c_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf40c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:hpe:hf20_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf20_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf20:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:hpe:hf40_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf40_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf40:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:hpe:hf60_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf60_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf60:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:hpe:hf20h_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf20h_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf20h:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:hpe:hf20c_firmware:::::ltsr:::*
	cpe:2.3:o:hpe:hf20c_firmware:5.3.0.0::::-:::

cpe:2.3:h:hpe:hf20c:-:*:*:*:*:*:*:*

History

14 Dec 2022, 21:29

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-12 13:15

Updated : 2024-02-04 23:14

NVD link : CVE-2022-37930

Mitre link : CVE-2022-37930

CVE.ORG link : CVE-2022-37930

JSON object : View

Products Affected

hpe

hf60_firmware
hf40_firmware
hf60
hf20_firmware
hf40c
hf60c
hf20h_firmware
sf300_firmware
hf20c
hf20c_firmware
hf40c_firmware
hf20h
hf20
sf100
sf100_firmware
sf300
hf40
hf60c_firmware

CWE

NVD-CWE-noinfo

5.5 /10