Vulnerability Description
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Universal Api Framework | < 2.5.2 |
Related Weaknesses (CWE)
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1208/Third Party AdvisoryVDB Entry
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1208/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-24623?
CVE-2020-24623 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API ...
How severe is CVE-2020-24623?
CVE-2020-24623 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24623?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Universal Api Framework.