A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below.
References
Link | Resource |
---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us | Vendor Advisory |
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
Summary | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below. |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
12 Jan 2023, 17:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hpe superdome Flex Firmware
Hpe superdome Flex 280 Hpe superdome Flex Hpe Hpe superdome Flex 280 Firmware |
|
References | (MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us - Vendor Advisory | |
CWE | CWE-94 | |
CPE | cpe:2.3:o:hpe:superdome_flex_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hpe:superdome_flex_280_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hpe:superdome_flex_280:-:*:*:*:*:*:*:* cpe:2.3:h:hpe:superdome_flex:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
05 Jan 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-05 07:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-37933
Mitre link : CVE-2022-37933
CVE.ORG link : CVE-2022-37933
JSON object : View
Products Affected
hpe
- superdome_flex
- superdome_flex_280
- superdome_flex_280_firmware
- superdome_flex_firmware
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')