- Description
- A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
- Source
- security-alert@hpe.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-327
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:storeonce_3640_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57317C6C-99F9-4200-984D-F7E5873BD585",
"versionEndExcluding": "4.3.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:storeonce_3640:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "963FF36A-EB2F-4828-BCAC-9E22F8F4F838"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]