Vulnerability Description
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Xp7 Device Manager | >= 7.0.0-00, < 8.6.1-02 |
| Hp | Xp7 Replication Manager | - |
| Hp | Xp7 Tiered Storage Manager | - |
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2019-5408?
CVE-2019-5408 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem i...
How severe is CVE-2019-5408?
CVE-2019-5408 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5408?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Xp7 Device Manager, Hp Xp7 Replication Manager, Hp Xp7 Tiered Storage Manager.