CVE-2018-7107
HIGHHPE Device Entitlement Gateway 3.2.4, 3.3, 3.3.1 - SQL Injection
Title source: llmDescription
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us
Scores
CVSS v3
8.8
EPSS
0.0028
EPSS Percentile
51.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (3)
hpe/device_entitlement_gateway
3.2.4
hpe/device_entitlement_gateway
3.3
hpe/device_entitlement_gateway
3.3.1
Published
Sep 27, 2018
Tracked Since
Feb 18, 2026