nvd-json-data-feeds/CVE-2021/CVE-2021-292xx/CVE-2021-29214.json

{
  "id": "CVE-2021-29214",
  "sourceIdentifier": "security-alert@hpe.com",
  "published": "2021-12-10T17:15:07.480",
  "lastModified": "2022-07-12T17:42:04.277",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de seguridad en HPE StoreServ Management Console (SSMC). Un administrador autenticado de SSMC podr\u00eda explotar la vulnerabilidad para inyectar c\u00f3digo y elevar sus privilegios en SSMC. El alcance de esta vulnerabilidad es limitada a SSMC. Nota: Las matrices que son administradas no est\u00e1n afectadas por esta vulnerabilidad. Esta vulnerabilidad afecta a SSMC versiones 3.4 GA a 3.8.1"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hp:storeserv_management_console:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.4",
              "versionEndIncluding": "3.8.1",
              "matchCriteriaId": "42ED87C6-B206-4810-A942-6508B8E09475"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04207en_us",
      "source": "security-alert@hpe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}