CVE-2019-11999 Information

Feb 14, 2021 cve

Description

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Reference

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

NONE

Base Severity

6.9

Share on: