Vulnerabilities > CVE-2019-11990 - Unspecified vulnerability in HP Universal Internet of Things

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2019-07-19

Updated: 2020-08-24

Summary

Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Universal Internet OF Things 1.2.4.2 HP Universal Internet OF Things 1.4.0 HP Universal Internet OF Things 1.4.1 HP Universal Internet OF Things 1.4.2 HP Universal Internet OF Things 1.5 HP Universal Internet OF Things 1.6	6

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us