VAR-202004-2081
Vulnerability from variot - Updated: 2023-12-18 13:07A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
There are security vulnerabilities in HPE UIoT 1.4.2 and earlier versions. HPE UIoT is a set of universal Internet of Things platforms for Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security, and synchronization management. The following products and versions are affected: HPE IOT + GCP version 1.4.0, version 1.4.1, version 1.4.2, version 1.2.4.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hpe iot \\+ gcp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.0"
},
{
"model": "hpe iot \\+ gcp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.1"
},
{
"model": "hpe iot \\+ gcp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4.2"
},
{
"model": "hpe iot \\+ gcp",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.2.4.2"
},
{
"model": "hpe iot + gcp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.2.4.2"
},
{
"model": "hpe iot + gcp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.0"
},
{
"model": "hpe iot + gcp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.1"
},
{
"model": "hpe iot + gcp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.4.2"
},
{
"model": "uiot",
"scope": "lte",
"trust": 0.6,
"vendor": "hpe",
"version": "\u003c=1.4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:hpe_iot_\\+_gcp:1.2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:hpe_iot_\\+_gcp:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:hpe_iot_\\+_gcp:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:hpe_iot_\\+_gcp:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7134"
}
]
},
"cve": "CVE-2020-7134",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004936",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-28767",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-7134",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004936",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-7134",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004936",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-28767",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2134",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-7134",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. \n\r\n\r\nThere are security vulnerabilities in HPE UIoT 1.4.2 and earlier versions. HPE UIoT is a set of universal Internet of Things platforms for Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security, and synchronization management. The following products and versions are affected: HPE IOT + GCP version 1.4.0, version 1.4.1, version 1.4.2, version 1.2.4.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
},
{
"db": "VULMON",
"id": "CVE-2020-7134"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7134",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28767",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-7134",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"id": "VAR-202004-2081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
}
]
},
"last_update_date": "2023-12-18T13:07:37.263000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hpesbhf03947en_us",
"trust": 0.8,
"url": "https://support.hpe.com/hpesc/public/docdisplay?doclocale=en_us\u0026docid=emr_na-hpesbhf03947en_us"
},
{
"title": "Patch for HPE UIoT Information Disclosure Vulnerability (CNVD-2020-28767)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/217795"
},
{
"title": "HPE UIoT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117057"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7134"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03947en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7134"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"date": "2020-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"date": "2020-04-24T19:15:13.473000",
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"date": "2020-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28767"
},
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7134"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004936"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-7134"
},
{
"date": "2020-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE IOT + GCP Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004936"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2134"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…