CVE-2018-7111 - A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.

CVE-2018-7111

Summary

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.

References

Vulnerable Configurations

cpe:2.3:a:hp:universal_internet_of_things:1.2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_internet_of_things:1.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	105704
confirm	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03891en_us

Last major update

03-10-2019 - 00:03

Published

17-10-2018 - 13:29

Last modified

03-10-2019 - 00:03