CVE-2020-24623: Hewlett Packard Enterprise Universal API Framework uaf_token SQL Injection Information Disclosure Vulnerability
First published: Fri Sep 18 2020(Updated: )
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hewlett Packard Enterprise Universal API Framework | ||
| Hpe Universal Api Framework | <2.5.2 | |
| Hpe Universal Api Framework | <2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/severity
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-1208
- alias/ZDI-CAN-11502
- alias/CVE-2020-24623
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hewlett packard enterprise
- canonical/hewlett packard enterprise universal api framework
- vendor/hpe
- canonical/hpe universal api framework