Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
AnalysisAI
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. Affected products include: Hp Thinpro.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker t
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows l
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerabi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today