Vulnerability Description
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Storageworks Xp7 Automation Director | >= 8.5.2-02, < 8.6.1-00 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1041696Third Party AdvisoryVDB Entry
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- http://www.securitytracker.com/id/1041696Third Party AdvisoryVDB Entry
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2018-7108?
CVE-2018-7108 is a vulnerability with a CVSS score of 5.9 (MEDIUM). HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information...
How severe is CVE-2018-7108?
CVE-2018-7108 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7108?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Storageworks Xp7 Automation Director.