CVE-2020-7138

Summary

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100

Affected Software

VendorProductVersion RangeStatus
n/aHPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays3.9.2.0 and older 4.5.5.0 and older 5.0.8.0 and older 5.1.4.0 and olderaffected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References