SB2022080218 - Multiple vulnerabilities in HPE products
Published: August 2, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-28626)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.
2) Input validation error (CVE-ID: CVE-2022-28627)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.
3) Input validation error (CVE-ID: CVE-2022-28628)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.
4) Input validation error (CVE-ID: CVE-2022-28629)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can trigger the vulnerability to escalate privileges on the system.
5) Input validation error (CVE-ID: CVE-2022-28630)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trick the victim into opening a specially crafted file to escalate privileges on the system.
6) Input validation error (CVE-ID: CVE-2022-28631)
The vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.
7) Input validation error (CVE-ID: CVE-2022-28632)
The vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.
8) Input validation error (CVE-ID: CVE-2022-28633)
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to gain access to sensitive information and modify data on the system.
9) Input validation error (CVE-ID: CVE-2022-28634)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.
10) Input validation error (CVE-ID: CVE-2022-28635)
The vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.
11) Input validation error (CVE-ID: CVE-2022-28636)
The vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.
Remediation
Install update from vendor's website.