CVE-2022-1602

low-risk
Published 2022-09-13

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Thinpro

Affected Vendors

Hp

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789
Vendor Advisory https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal