CVE-2022-37933

HIGH

HPE Superdome Flex and Superdome Flex 280 Firmware - Local Unauthorized Data Injection

Title source: llm

Description

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us

Scores

CVSS v3 7.3

EPSS 0.0023

EPSS Percentile 46.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74

Status published

Products (2)

hpe/superdome_flex_280_firmware < 1.40.60

hpe/superdome_flex_firmware < 3.60.50

Published Jan 05, 2023

Tracked Since Feb 18, 2026