CVE-2022-23702
Published Apr 12, 2022
Last updated a year ago
Overview
- Description
- A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later.
- Source
- security-alert@hpe.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B41868FA-8FD0-4FFA-839C-A014EEB586B0",
"versionEndExcluding": "3.50.58"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "74B3DA6F-91D3-4C17-A34B-6AA6B9642B3F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21124652-E4B9-4B3F-ABD8-4729C22FE07B",
"versionEndExcluding": "1.20.204"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "72361B1C-8CC6-4398-8076-D2A52E13A97A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]