CVE-2020-24623
MEDIUMHewlett Packard Enterprise Universal API Framework - SQL Injection
Title source: llmDescription
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04024en_us
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1208/
Scores
CVSS v3
6.5
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
hpe/universal_api_framework
< 2.5.2 (2 CPE variants)
Published
Sep 18, 2020
Tracked Since
Feb 18, 2026