Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hpe Subscribe
Filtered by product Nimbleos
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28618 1 Hpe 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more 2022-06-07 7.5 HIGH 9.8 CRITICAL
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
CVE-2022-23705 1 Hpe 1 Nimbleos 2022-05-23 5.0 MEDIUM 7.5 HIGH
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
CVE-2022-23703 1 Hpe 1 Nimbleos 2022-04-19 5.0 MEDIUM 7.5 HIGH
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
CVE-2020-7138 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2021-07-21 6.5 MEDIUM 8.8 HIGH
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVE-2020-7139 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2021-07-21 5.5 MEDIUM 8.1 HIGH
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVE-2019-11996 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.