What is the severity of CVE-2020-24623?

CVE-2020-24623 is considered a high-severity vulnerability due to its potential for remote SQL injection.

How do I fix CVE-2020-24623?

To fix CVE-2020-24623, upgrade to HPE Universal API Framework version 2.5.3 or later, which addresses the vulnerability.

What software is affected by CVE-2020-24623?

CVE-2020-24623 affects HPE Universal API Framework versions up to 2.5.2 for both VMware Esxi and Microsoft Hyper-V.

Can CVE-2020-24623 be exploited remotely?

Yes, CVE-2020-24623 can be exploited remotely, allowing attackers to perform SQL injection attacks.

What are the consequences of an exploit related to CVE-2020-24623?

Exploitation of CVE-2020-24623 could allow attackers to gain unauthorized access to sensitive data within the database.

Vulnerability/
CVE-2020-24623

medium

6.5

CWE

18/9/2020

4/8/2024

CVE-2020-24623: Hewlett Packard Enterprise Universal API Framework uaf_token SQL Injection Information Disclosure Vulnerability

First published: Fri Sep 18 2020(Updated: )

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
Hewlett Packard Enterprise Universal API Framework
Hpe Universal Api Framework	<2.5.2
Hpe Universal Api Framework	<2.5.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-24623?
CVE-2020-24623 is considered a high-severity vulnerability due to its potential for remote SQL injection.
How do I fix CVE-2020-24623?
To fix CVE-2020-24623, upgrade to HPE Universal API Framework version 2.5.3 or later, which addresses the vulnerability.
What software is affected by CVE-2020-24623?
CVE-2020-24623 affects HPE Universal API Framework versions up to 2.5.2 for both VMware Esxi and Microsoft Hyper-V.
Can CVE-2020-24623 be exploited remotely?
Yes, CVE-2020-24623 can be exploited remotely, allowing attackers to perform SQL injection attacks.
What are the consequences of an exploit related to CVE-2020-24623?
Exploitation of CVE-2020-24623 could allow attackers to gain unauthorized access to sensitive data within the database.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/last-modified-date
agent/weakness
agent/title
agent/severity
collector/zdi-advisory
source/ZDI
alias/ZDI-20-1208
alias/ZDI-CAN-11502
alias/CVE-2020-24623
agent/software-canonical-lookup
agent/first-publish-date
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/trending
agent/tags
agent/source
vendor/hewlett packard enterprise
canonical/hewlett packard enterprise universal api framework
vendor/hpe
canonical/hpe universal api framework

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.