Overview
- Description
- A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
- Source
- security-alert@hpe.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-327
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:storeonce_3640_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57317C6C-99F9-4200-984D-F7E5873BD585",
"versionEndExcluding": "4.3.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:storeonce_3640:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "963FF36A-EB2F-4828-BCAC-9E22F8F4F838"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]