Service Manager Security Vulnerabilities
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this...
8.8CVSS
9AI Score
0.001EPSS
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the...
8.8CVSS
9AI Score
0.001EPSS
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes...
5.4CVSS
5.5AI Score
0.001EPSS
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in...
6.1CVSS
5.9AI Score
0.001EPSS
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network...
5.3CVSS
8.7AI Score
0.003EPSS
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8CVSS
9.8AI Score
0.01EPSS
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network...
7.5CVSS
8.1AI Score
0.002EPSS
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8CVSS
9.4AI Score
0.008EPSS
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or...
6.1CVSS
6.1AI Score
0.001EPSS
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...
7.5CVSS
7.4AI Score
0.002EPSS
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure...
8.8CVSS
7.2AI Score
0.001EPSS
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...
8CVSS
6.4AI Score
0.001EPSS
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility...
7.5CVSS
7.1AI Score
0.002EPSS
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections...
9.8CVSS
7.8AI Score
0.003EPSS
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown...
7.8AI Score
0.104EPSS
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown...
7.2AI Score
0.003EPSS
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown...
7.2AI Score
0.013EPSS
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary...
7.4AI Score
0.013EPSS
Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.014EPSS
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown...
7.3AI Score
0.004EPSS
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown...
7.8AI Score
0.027EPSS
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection"...
7.9AI Score
0.011EPSS
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified...
5.9AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified...
5.9AI Score
0.001EPSS
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown...
6.7AI Score
0.014EPSS
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified...
6.4AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown...
6.4AI Score
0.0004EPSS
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown...
6.7AI Score
0.006EPSS
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown...
6.4AI Score
0.023EPSS
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown...
6.3AI Score
0.005EPSS
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown...
6.3AI Score
0.006EPSS
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown...
6.8AI Score
0.005EPSS
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown...
7.3AI Score
0.008EPSS