Vulnerability Details CVE-2020-7198
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2020-7198
-
cpe:2.3:a:hp:oneview:5.0
-
cpe:2.3:a:hp:oneview:5.00.01
-
cpe:2.3:a:hp:oneview:5.00.02
-
cpe:2.3:a:hp:oneview:5.2
-
cpe:2.3:a:hp:oneview:5.20.01
-
cpe:2.3:a:hp:oneview:5.3
-
cpe:2.3:a:hp:oneview:5.4
-
cpe:2.3:a:hp:synergy_composer:5.0
-
cpe:2.3:a:hp:synergy_composer:5.00.01
-
cpe:2.3:a:hp:synergy_composer:5.00.02
-
cpe:2.3:a:hp:synergy_composer:5.2
-
cpe:2.3:a:hp:synergy_composer:5.20.01
-
cpe:2.3:a:hp:synergy_composer:5.3
-
cpe:2.3:a:hp:synergy_composer:5.4
-
cpe:2.3:a:hp:synergy_composer_2:5.0
-
cpe:2.3:a:hp:synergy_composer_2:5.00.01
-
cpe:2.3:a:hp:synergy_composer_2:5.00.02
-
cpe:2.3:a:hp:synergy_composer_2:5.2
-
cpe:2.3:a:hp:synergy_composer_2:5.20.01
-
cpe:2.3:a:hp:synergy_composer_2:5.3
-
cpe:2.3:a:hp:synergy_composer_2:5.4