Vulnerabilities > CVE-2020-7136 - Unspecified vulnerability in HPE Smart Update Manager

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hpe

critical

NVD

Published: 2020-04-30

Updated: 2020-05-07

Summary

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

Vulnerable Configurations

Part	Description	Count
Application	Hpe HPE Smart Update Manager - HPE Smart Update Manager 6.0.0 HPE Smart Update Manager 6.2.0 HPE Smart Update Manager 6.3.1.0 HPE Smart Update Manager 6.4.1 HPE Smart Update Manager 6.4.1.0 HPE Smart Update Manager 7.1.0 HPE Smart Update Manager 7.2.0 HPE Smart Update Manager 7.3.0 HPE Smart Update Manager 7.3.1 HPE Smart Update Manager 7.4.0 HPE Smart Update Manager 7.5.1 HPE Smart Update Manager 7.6.0 HPE Smart Update Manager 7.6.2 HPE Smart Update Manager 8.0.0 HPE Smart Update Manager 8.1.0 HPE Smart Update Manager 8.2.0 HPE Smart Update Manager 8.3.0 HPE Smart Update Manager 8.3.1 HPE Smart Update Manager 8.3.5 HPE Smart Update Manager 8.3.6 HPE Smart Update Manager 8.3.7 HPE Smart Update Manager 8.4.0 HPE Smart Update Manager 8.4.5 HPE Smart Update Manager 8.5.0 HPE Smart Update Manager 8.5.1	26

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us