SB2022080218 - Multiple vulnerabilities in HPE products

Main Vulnerability Database SB2022080218

SB2022080218 - Multiple vulnerabilities in HPE products

Published: August 2, 2022

Security Bulletin ID SB2022080218

CSH Severity

High

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 vulnerabilities.

1) Input validation error (CVE-ID: CVE-2022-28626)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.

2) Input validation error (CVE-ID: CVE-2022-28627)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.

3) Input validation error (CVE-ID: CVE-2022-28628)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.

4) Input validation error (CVE-ID: CVE-2022-28629)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can trigger the vulnerability to escalate privileges on the system.

5) Input validation error (CVE-ID: CVE-2022-28630)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trick the victim into opening a specially crafted file to escalate privileges on the system.

6) Input validation error (CVE-ID: CVE-2022-28631)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.

7) Input validation error (CVE-ID: CVE-2022-28632)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.

8) Input validation error (CVE-ID: CVE-2022-28633)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to gain access to sensitive information and modify data on the system.

9) Input validation error (CVE-ID: CVE-2022-28634)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.

10) Input validation error (CVE-ID: CVE-2022-28635)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.

11) Input validation error (CVE-ID: CVE-2022-28636)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us