CVE-2019-5408

Description

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.

6.5
CVSS
Severity: Medium
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.40%
Vendor Advisory hpe.com
Affected: Hewlett Packard Enterprise (HPE) HP XP7 CVAE
Published at:
Updated at:

References

Link Tags
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-5408?
CVE-2019-5408 has been scored as a medium severity vulnerability.
How to fix CVE-2019-5408?
To fix CVE-2019-5408, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-5408 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-5408 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-5408?
CVE-2019-5408 affects Hewlett Packard Enterprise (HPE) HP XP7 CVAE.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.