CVE-2022-37929 (GCVE-0-2022-37929)

Vulnerability from cvelistv5 – Published: 2022-11-03 15:37 – Updated: 2025-05-02 19:32
VLAI?
Summary
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
hpe
References
Impacted products
Vendor Product Version
Hewlett Packard Enterprise (HPE) HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Affected: Prior to 5.2.1.900 (LTSR), 5.3.0.0 (GA)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-37929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T19:32:42.774940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T19:32:48.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 5.2.1.900 (LTSR),  5.3.0.0 (GA)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\u003c/p\u003e"
            }
          ],
          "value": "Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-12T12:11:04.548Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37929",
    "datePublished": "2022-11-03T15:37:25.244Z",
    "dateReserved": "2022-08-08T18:49:44.386Z",
    "dateUpdated": "2025-05-02T19:32:48.107Z",
    "requesterUserId": "6707ad87-4508-4473-b324-feac48da5e14",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-37929",
      "date": "2026-04-25",
      "epss": "0.0004",
      "percentile": "0.12261"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:sf100_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"99F83768-3A59-408A-9F6E-0807EC3C6451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:sf100_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"6876B8E0-2E39-45A2-A04B-08CBECDB0520\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:sf100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"040BAB65-2DB8-4B13-80F9-287C54703E15\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:sf300_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"7166CCE1-078B-41E2-A95A-94046953E655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:sf300_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"F4260FE4-4CA7-4098-BE67-230C5274F998\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:sf300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"558C4F3F-2DB4-4EC2-99F6-F77D6DA7DEB4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf60c_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"60C442E1-C1E0-432F-BA2D-ADE753004C41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"87EE8517-7F6E-4813-B5CA-A5CBE40A5E2A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf60c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFFF169F-C877-48E5-BF0D-25B3C471CF90\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf40c_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"8C55BCB5-4768-4F49-99F8-FDFDA3C319AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf40c_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"84A531D6-CF63-4203-9D7C-715EA5B9177E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf40c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3309FD9C-86D9-4714-8DBD-0254991C5D74\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"4C907D3F-4D79-4238-8E50-4B31D2F22DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"C37AE6A8-50A8-473B-954B-E96B0CC1D270\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf20:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41CA80D2-A3A6-4B88-9BD5-4BED8824AFBA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf40_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"540FEB1E-2DEE-4A64-9B91-594C1A383181\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf40_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"DBAC52FD-6931-4793-97DA-4D6CE0B648AE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf40:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E723A99-7870-4D68-BB01-980FA62B514C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf60_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"B8ED6C9E-73F7-4A48-BA9E-F6DF270FDF36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf60_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"76BBE2FC-B739-4A8C-8CB6-3443990E3F90\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA30774A-D851-42B3-985B-37B62845C390\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20h_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"6B1BCC7D-F2AA-43AF-B968-A9240E5F4A00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20h_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"70237C44-4C27-4E1F-A6FE-FA84B01AB898\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf20h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C6F1A74-7387-4DD2-84D2-654C368BC5A1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20c_firmware:*:*:*:*:ltsr:*:*:*\", \"versionEndExcluding\": \"5.2.1.900\", \"matchCriteriaId\": \"8C9EDCD1-6542-4E9E-B91E-3FD4A9AAD577\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hpe:hf20c_firmware:5.3.0.0:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"88331240-B478-45E9-9E59-CA2D1AB763FC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hpe:hf20c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6580C251-7A6C-430A-A33B-028A3A0E8817\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de gesti\\u00f3n de privilegios inadecuada en las matrices flash h\\u00edbridas de Hewlett Packard Enterprise Nimble Storage y las matrices flash secundarias de Nimble Storage.\"}]",
      "id": "CVE-2022-37929",
      "lastModified": "2024-11-21T07:15:24.227",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-alert@hpe.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2022-12-12T13:15:14.233",
      "references": "[{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@hpe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37929\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2022-12-12T13:15:14.233\",\"lastModified\":\"2025-05-02T20:15:17.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de gesti\u00f3n de privilegios inadecuada en las matrices flash h\u00edbridas de Hewlett Packard Enterprise Nimble Storage y las matrices flash secundarias de Nimble Storage.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:sf100_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"99F83768-3A59-408A-9F6E-0807EC3C6451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:sf100_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"6876B8E0-2E39-45A2-A04B-08CBECDB0520\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:sf100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"040BAB65-2DB8-4B13-80F9-287C54703E15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:sf300_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"7166CCE1-078B-41E2-A95A-94046953E655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:sf300_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"F4260FE4-4CA7-4098-BE67-230C5274F998\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:sf300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"558C4F3F-2DB4-4EC2-99F6-F77D6DA7DEB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf60c_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"60C442E1-C1E0-432F-BA2D-ADE753004C41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"87EE8517-7F6E-4813-B5CA-A5CBE40A5E2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf60c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFF169F-C877-48E5-BF0D-25B3C471CF90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf40c_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"8C55BCB5-4768-4F49-99F8-FDFDA3C319AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf40c_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"84A531D6-CF63-4203-9D7C-715EA5B9177E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf40c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3309FD9C-86D9-4714-8DBD-0254991C5D74\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"4C907D3F-4D79-4238-8E50-4B31D2F22DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"C37AE6A8-50A8-473B-954B-E96B0CC1D270\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41CA80D2-A3A6-4B88-9BD5-4BED8824AFBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf40_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"540FEB1E-2DEE-4A64-9B91-594C1A383181\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf40_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"DBAC52FD-6931-4793-97DA-4D6CE0B648AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E723A99-7870-4D68-BB01-980FA62B514C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf60_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"B8ED6C9E-73F7-4A48-BA9E-F6DF270FDF36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf60_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"76BBE2FC-B739-4A8C-8CB6-3443990E3F90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA30774A-D851-42B3-985B-37B62845C390\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20h_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"6B1BCC7D-F2AA-43AF-B968-A9240E5F4A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20h_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"70237C44-4C27-4E1F-A6FE-FA84B01AB898\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf20h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C6F1A74-7387-4DD2-84D2-654C368BC5A1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20c_firmware:*:*:*:*:ltsr:*:*:*\",\"versionEndExcluding\":\"5.2.1.900\",\"matchCriteriaId\":\"8C9EDCD1-6542-4E9E-B91E-3FD4A9AAD577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:hf20c_firmware:5.3.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"88331240-B478-45E9-9E59-CA2D1AB763FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hpe:hf20c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6580C251-7A6C-430A-A33B-028A3A0E8817\"}]}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:37:42.569Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-37929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T19:32:42.774940Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T19:32:38.164Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays\", \"versions\": [{\"status\": \"affected\", \"version\": \"Prior to 5.2.1.900 (LTSR),  5.3.0.0 (GA)\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04360en_us\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.13\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2022-12-12T12:11:04.548Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-37929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T19:32:48.107Z\", \"dateReserved\": \"2022-08-08T18:49:44.386Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2022-11-03T15:37:25.244Z\", \"requesterUserId\": \"6707ad87-4508-4473-b324-feac48da5e14\", \"assignerShortName\": \"hpe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.