Vulnerabilities > CVE-2019-11988 - Unspecified vulnerability in HPE Smart Update Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id HP_SUM_USESSHKEY_AUTH_BYPASS.NASL description The HPE Smart Update manager running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to bypass authentication and execute arbitrary actions defined by the application. last seen 2020-03-18 modified 2020-02-24 plugin id 133955 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133955 title HP Smart Update Manager Remote Unauthorized Access. NASL family CGI abuses NASL id HP_SUM_CVE-2019-11988.NASL description The HPE Smart Update manager running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to bypass authentication and execute arbitrary actions defined by the application. last seen 2020-03-18 modified 2019-09-13 plugin id 128768 published 2019-09-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128768 title HP Smart Update Manager Remote Unauthorized Access.