CVE-2020-7198

Improper Privilege Management in gem/oneview

Identifier

CVE-2020-7198

Package Slug

gem/oneview

Vulnerability

Improper Privilege Management

Description

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Affected Versions

All versions starting from 5.0 up to 5.00.02, all versions starting from 5.2 up to 5.4, version 5.20.01

Solution

Upgrade to version 5.5 or higher

Last Modified

2020-11-15

source