CVE-2020-7139
First published: Tue May 19 2020(Updated: )
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Nimbleos | >=3.1.0.0<=3.9.3.0 | |
| Hpe Nimbleos | >=4.1.0.0<=4.5.6.0 | |
| Hpe Nimbleos | >=5.0.1.0<=5.0.9.0 | |
| Hpe Nimbleos | >=5.1.0.0<=5.1.4.100 | |
| Hpe Nimble Storage Af20 All Flash Array | ||
| Hpe Nimble Storage Af20q All Flash Dual Controller | ||
| Hpe Nimble Storage Af40 All Flash Dual Controller | ||
| Hpe Nimble Storage Af60 All Flash Dual Controller | ||
| Hpe Nimble Storage Af80 All Flash Dual Controller | ||
| Hpe Nimble Storage Cs3000 | ||
| Hpe Nimble Storage Cs5000 | ||
| Hpe Nimble Storage Cs7000 | ||
| HPE Nimble Storage Secondary Flash Arrays |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7139?
CVE-2020-7139 is a vulnerability identified in HPE Nimble Storage systems that could allow an attacker to access and modify sensitive information.
What is the severity of CVE-2020-7139?
CVE-2020-7139 has a severity rating of 8.1, which is considered high.
Which versions of NimbleOS are affected by CVE-2020-7139?
NimbleOS versions 3.1.0.0 through 3.9.3.0, 4.1.0.0 through 4.5.6.0, 5.0.1.0 through 5.0.9.0, and 5.1.0.0 through 5.1.4.100 are affected by CVE-2020-7139.
How can an attacker exploit CVE-2020-7139?
An attacker can exploit CVE-2020-7139 by leveraging remote access vulnerabilities in HPE Nimble Storage systems to gain unauthorized access and modify sensitive information.
Where can I find more information about CVE-2020-7139?
You can find more information about CVE-2020-7139 at the following reference link: [link](https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us)
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe nimbleos
- version/hpe nimbleos/3.1.0.0
- version/hpe nimbleos/3.9.3.0
- version/hpe nimbleos/4.1.0.0
- version/hpe nimbleos/4.5.6.0
- version/hpe nimbleos/5.0.1.0
- version/hpe nimbleos/5.0.9.0
- version/hpe nimbleos/5.1.0.0
- version/hpe nimbleos/5.1.4.100
- canonical/hpe nimble storage af20 all flash array
- canonical/hpe nimble storage af20q all flash dual controller
- canonical/hpe nimble storage af40 all flash dual controller
- canonical/hpe nimble storage af60 all flash dual controller
- canonical/hpe nimble storage af80 all flash dual controller
- canonical/hpe nimble storage cs3000
- canonical/hpe nimble storage cs5000
- canonical/hpe nimble storage cs7000
- canonical/hpe nimble storage secondary flash arrays