HP Security Manager: PrivEsc, CodeExec & InfoDis Close vulnerability
CVE-2022-46358 Published on January 30, 2023
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
Vulnerability Analysis
CVE-2022-46358 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2022-46358
Want to know whenever a new CVE is published for HP Security Manager? stack.watch will email you.
Affected Versions
HP Inc. HP Security Manager Version See HP Security Bulletin reference for affected versions. is affected by CVE-2022-46358Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.