cbcvebase.

Hpe Nimbleos vulnerabilities

6 known vulnerabilities affecting hpe/nimbleos.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4

Vulnerabilities

Page 1 of 1
CVE-2022-28618P2CRITICALCVSS 9.8fixed in 5.0.10.100≥ 5.1.0.0, < 5.2.1.500+1 more2022-05-20
CVE-2022-28618 [CRITICAL] CWE-77 CVE-2022-28618: A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Ar A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE
nvd
CVE-2020-7138P3HIGHCVSS 8.8≥ 3.1.0.0, ≤ 3.9.3.0≥ 4.1.0.0, ≤ 4.5.6.0+2 more2020-05-19
CVE-2020-7138 [HIGH] CVE-2020-7138: Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storag Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
nvd
CVE-2019-11996P3CRITICALCVSS 9.8≥ 3.1.0.0, ≤ 3.9.1.0≥ 4.1.0.0, ≤ 4.5.4.0+2 more2019-11-07
CVE-2019-11996 [CRITICAL] CVE-2019-11996: Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi arr Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 a
nvd
CVE-2020-7139P3HIGHCVSS 8.1≥ 3.1.0.0, ≤ 3.9.3.0≥ 4.1.0.0, ≤ 4.5.6.0+2 more2020-05-19
CVE-2020-7139 [HIGH] CVE-2020-7139: Potential remote access security vulnerabilities have been identified with HPE Nimble Storage system Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
nvd
CVE-2022-23703P3HIGHCVSS 7.5fixed in 5.0.10.100≥ 5.1.0.0, < 5.2.1.500+1 more2022-04-12
CVE-2022-23703 [HIGH] CVE-2022-23703: A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble S A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions,
nvd
CVE-2022-23705P3HIGHCVSS 7.5fixed in 5.0.10.100≥ 5.1.0.0, < 5.2.1.500+1 more2022-05-09
CVE-2022-23705 [HIGH] CVE-2022-23705: A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble S A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nim
nvd
Hpe Nimbleos vulnerabilities | cvebase