CVE-2019-11997

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.
Overview
  • CVE ID
  • CVE-2019-11997
  • Assigner
  • security-alert@hpe.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-01-16T19:15:11
  • Last Modified Date
  • 2020-01-27T15:15:39
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:hp:enhanced_internet_usage_manager:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:hp:enhanced_internet_usage_manager:9.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
History
Created Old Value New Value Data Type Notes
2022-05-10 16:52:26 Added to TrackCVE
2022-12-04 09:45:22 2020-01-16T19:15Z 2020-01-16T19:15:11 CVE Published Date updated
2022-12-04 09:45:22 2020-01-27T15:15:39 CVE Modified Date updated
2022-12-04 09:45:22 Analyzed Vulnerability Status updated