CVE-2015-2140 — Improper Input Validation in HP Systems Insight Manager

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 54.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Systems Insight Manager

Timeline

PublishedAug 27

Latest updateMay 17

Description

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDhp/systems_insight_manager7.4

🔴Vulnerability Details

GHSA

GHSA-h57m-jqm8-q82f: HP Systems Insight Manager (SIM) before 7↗2022-05-17

▶

GHSA

OpenStack Nova host data access through resize/migration↗2022-05-14

▶

CVEList

CVE-2015-2140: HP Systems Insight Manager (SIM) before 7↗2015-08-27

▶

📋Vendor Advisories

Red Hat

openstack-nova: Host data leak through resize/migration↗2016-03-08

▶