CVE-2022-37930 : A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

Published 2022-12-12 13:15:14

Updated 2022-12-14 21:29:46

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Products affected by CVE-2022-37930

HPE » Sf100 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:sf100_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Sf100 » Version: N/A
HPE » Sf100 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:sf100_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Sf100 » Version: N/A
HPE » Sf300 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:sf300_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Sf300 » Version: N/A
HPE » Sf300 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:sf300_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Sf300 » Version: N/A
HPE » Hf60c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf60c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf60c » Version: N/A
HPE » Hf60c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf60c » Version: N/A
HPE » Hf40c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf40c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf40c » Version: N/A
HPE » Hf40c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf40c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf40c » Version: N/A
HPE » Hf20 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20 » Version: N/A
HPE » Hf20 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20 » Version: N/A
HPE » Hf40 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf40_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf40 » Version: N/A
HPE » Hf40 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf40_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf40 » Version: N/A
HPE » Hf60 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf60_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf60 » Version: N/A
HPE » Hf60 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf60_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf60 » Version: N/A
HPE » Hf20h Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20h_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20h » Version: N/A
HPE » Hf20h Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20h_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20h » Version: N/A
HPE » Hf20c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20c » Version: N/A
HPE » Hf20c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20c » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-37930

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-37930

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	0.8	5.9	Hewlett Packard Enterprise (HPE)
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-37930

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04361en_us

Document - HPESBST04361 rev.1 - Nimble Storage Arrays, Local Disclosure of Sensitive Information | HPE Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-37930

Products affected by CVE-2022-37930

Exploit prediction scoring system (EPSS) score for CVE-2022-37930

CVSS scores for CVE-2022-37930

References for CVE-2022-37930