CVE-2018-7111

MEDIUM

HPE Universal IoT 1.5/1.4.0-1.4.2/1.2.4.2 - Unauthenticated Remote Access via DSM Portal/API

Title source: llm

Description

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.

References (3)

Core 3

Core References

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/151691

Vendor Advisory x_refsource_confirm

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03891en_us

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105704

Scores

CVSS v3 5.3

EPSS 0.0366

EPSS Percentile 88.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Status published

Products (5)

hp/universal_internet_of_things 1.2.4.2

hp/universal_internet_of_things 1.4.0

hp/universal_internet_of_things 1.4.1

hp/universal_internet_of_things 1.4.2

hp/universal_internet_of_things 1.5

Published Oct 17, 2018

Tracked Since Feb 18, 2026